static program checking and verification correctness
play

Static program checking and verification Correctness class ArraySet - PowerPoint PPT Presentation

Sep 13, 2022 •251 likes •445 views

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Mller Static program checking and verification Correctness class ArraySet

  1. Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Slides: Based on KSE06 – With kind permission of Peter Müller Static program checking and verification

  2. Correctness class ArraySet implements Set { class ArraySet implements Set { class ArraySet implements Set { class ArraySet implements Set { class ArraySet implements Set { Behavioral private int [ ] array; private int [ ] array; private int [ ] array; private int [ ] array; private int [ ] array; Specification private int next; private int next; private int next; private int next; private int next; … … … … … Semantic Rules public void insert( int i ) { public void insert( int i ) { public void insert( int i ) { public void insert( int i ) { public void insert( int i ) { for ( int j = 0; j < next; j-- ) for ( int j = 0; j < next; j-- ) for ( int j = 0; j < next; j-- ) for ( int j = 0; j < next; j-- ) for ( int j = 0; j < next; j-- ) if array[ j ] == i then return true ; if array[ j ] == i then return true ; if array[ j ] == i then return true ; if array[ j ] == i then return true ; if array[ j ] == i then return true ; Context return false ; return false ; return false ; return false ; return false ; Conditions } } } } } } } } } } Syntax Rules Software Engineering, lecture 20: Static program checking and verification 2

  3. Aspects of correctness Behavioral Specification Test, Semantics Verification Semantic Rules Context Semantic Analysis, Conditions Type Checking Syntax Syntax Rules Scanning, Parsing Software Engineering, lecture 20: Static program checking and verification 3

  4. Test and verification Test Verification Objective Objective � Detect bugs � Prove correctness Examples Examples � White box test � Formal verification based on a logic � Black box test � Symbolic execution Problems Problems � Expensive � Successful test does not guarantee correctness � Formal specification of behavior is required Software Engineering, lecture 20: Static program checking and verification 4

  5. Levels of coverage Coverage Program verification Extended static checking Decidability ceiling Type checking Effort Software Engineering, lecture 20: Static program checking and verification 5

  6. Extended static checking ESC/Java developed at DEC, Compaq, and HP Research Fully automated tool Tries to verify � Absence of runtime exceptions and common mistakes e.g. null dereference, array bounds, type cast errors, deadlocks � Simple user-specified contracts invariants, pre/postconditions, loop invariants, assertions Program Program with Error Program with Error specifications Checker/Verifier messages specifications messages Bag.java:18: Array index possibly too large Software Engineering, lecture 20: Static program checking and verification 6

  7. Program checker design tradeoffs Objectives � Fully automated reasoning � As little annotation overhead as possible � Performance Main reason why it’s Not sound called checker and � Errors may be missed not verifier Not complete � Warnings do not always report errors (false alarms) Goal � Cost-effective tool � Find source of possible bugs quickly Software Engineering, lecture 20: Static program checking and verification 7

  8. Tool architecture Annotated Java program Annotated Java program Translator Translator Verification condition Verification condition Valid Automatic Theorem Prover Automatic Theorem Prover Resource exhausted Counterexample context Counterexample context Post Processor Post Processor Warning messages Warning messages Software Engineering, lecture 20: Static program checking and verification 8

  9. Theorem prover: “Simplify” Automatic: No user interaction Refutation based : To prove ϕ it will attempt to satisfy ¬ ϕ � If this is possible, a counterexample is found, and we know a reason why ϕ is invalid � If it fails to satisfy ¬ ϕ then ϕ is considered to be valid Software Engineering, lecture 20: Static program checking and verification 9

  10. Time limits Logic used in Simplify is semi-decidable � Each procedure that proves all valid formulas loops forever on some invalid ones Simplify works with a time limit � When time limit is reached, counterexample is returned � Longer computation might show that returned counterexample is inconsistent Time limits are a source of incompleteness � Spurious counterexamples lead to spurious warnings Software Engineering, lecture 20: Static program checking and verification 10

  11. ESC/ Java2 Successor of ESC/Java Eclipse integration Made specification language compatible with JML Made open source Give it a try! http://secure.ucd.ie/products/opensource/escjava2 Software Engineering, lecture 20: Static program checking and verification 11

  12. Spec# Program verification tool developed at MS Research Superset of C# � non-null types contracts C# everywhere � pre- and postconditions into the future � object invariants Tool support type run-time static checking checks verification � more type checking degree of checking, � compiler-emitted run-time checks effort � static program verification � fully integrated into Visual Studio .NET 2005 Software Engineering, lecture 20: Static program checking and verification 12

  13. Spec# vs. ESC/ Java(2) Similarities � Architecture � Full automation (even theorem prover is the same) � Essential contract language Differences � Spec# is sound � Spec# does modular reasoning price to pay: need to understand methodology Software Engineering, lecture 20: Static program checking and verification 13

  14. Non-null types T x; The value of x is - null or - reference to object whose type is a subtype of T. T ! y; The value of y is - reference to object whose type is a subtype of T, and not null . Software Engineering, lecture 20: Static program checking and verification 14

  15. Types versus assertions Without non-null types: Person(string name) requires name != null; With non-null types: Person(string! name) Software Engineering, lecture 20: Static program checking and verification 15

  16. Comparing against null public void M(T x){ if (x == null) { … } else { T! y = x; … } } Spec# performs a data-flow analysis to allow this Software Engineering, lecture 20: Static program checking and verification 16

  17. Spec# DEMO

  18. References ESC/Java � Flanagan et al.: Extended Static Checking for Java ESC/Java2 � http://secure.ucd.ie/products/opensource/ESCJava2 Spec# � Barnett et al.: Boogie: A Modular Reusable Verifier for Object-Oriented Programs � http://research.microsoft.com/specsharp Rustan Leino’s lectures � http://research.microsoft.com/~leino/talks.html Software Engineering, lecture 20: Static program checking and verification 18

Recommend

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions &amp;

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions &amp;

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions &amp; Postconditions Program Verification Assignments Composition Conditionals Loops Proofs about Programs Why

537 views • 36 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable; user friendly; well documented; . . . but first of all, CORRECT dont forget though: also, executable. . . Correctness

202 views • 19 slides
The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe

The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe

The Mobius Program Verification Environment Recent Advances in Extended Static Checking Joe Kiniry, University College Dublin Joe Kiniry, University College Dublin http://mobius.inria.fr/ http://mobius.inria.fr/ Contract n IST 015905

534 views • 21 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Functional Correctness Specification Formal Verification 15-214 Unit Testing Type

Functional Correctness Specification Formal Verification 15-214 Unit Testing Type

Functional Correctness Specification Formal Verification 15-214 Unit Testing Type Checking Statistic Analysis Requirements definition Inspections, Reviews 15-313 Integration/System/Acceptance/Regression/GUI/Bl

608 views • 45 slides
Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification Technology

3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification Technology

Fachgebiet RechnerSysteme Technische Universitt Verification Technology Darmstadt 3. Satisfiability Checking Computer Systems Lab 1 3. Satisfiability Checking 3 3. Satisfiability Checking 3.1 SAT-Checking Procedures Verification

278 views • 11 slides
Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Authors Authors Author Defn. Num.* K. Rustan M. Leino MJS 13 Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6 Wolfram Schulte S 3 David Detlefs M 2 Raymie Stata J 2 Mike Barnett S 2

239 views • 5 slides
Extended Static Checking for Java Lukas Erlacher TU Mnchen - Seminar Verification 14. Juli

Extended Static Checking for Java Lukas Erlacher TU Mnchen - Seminar Verification 14. Juli

Motivation Example Architecture Discussion Extended Static Checking for Java Lukas Erlacher TU Mnchen - Seminar Verification 14. Juli 2011 Erlacher Extended Static Checking for Java Motivation Example Architecture Discussion Outline

662 views • 32 slides
Program Correctness Literatuur Verification of Sequential and Concurrent Programs. Krzysztof R.

Program Correctness Literatuur Verification of Sequential and Concurrent Programs. Krzysztof R.

Program Correctness Literatuur Verification of Sequential and Concurrent Programs. Krzysztof R. Apt, Frank S. de Boer, Ernst-R udiger Olderog. Series: Texts in Computer Science. Springer. 3rd ed. 2nd Printing. ISBN: 978-1-84882-744-8. Te

1.23k views • 112 slides
Checking &amp; Spot-Checking the Correctness of Priority Queues Matthew Chu &amp; Sampath Kannan

Checking &amp; Spot-Checking the Correctness of Priority Queues Matthew Chu &amp; Sampath Kannan

Checking &amp; Spot-Checking the Correctness of Priority Queues Matthew Chu &amp; Sampath Kannan (UPenn) Andrew McGregor (UCSD) Memory Checking Memory Checking Your resources: A lot of cheap unreliable memory and a little expensive reliable

1.11k views • 70 slides
Automated Program Verification Winter 2011 Guaranteeing Program Correctness Programs should

Automated Program Verification Winter 2011 Guaranteeing Program Correctness Programs should

Automated Program Verification Winter 2011 Guaranteeing Program Correctness Programs should behave how we want them to Example: not crashing with an unexpected exception To guarantee this: 1. Specify what a programs behavior should

389 views • 21 slides
08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

Review Hoare Triples; Partial and Total Correctness Practical Aspects of Correctness Proofs Correctness of the Factorial Function Proof Calculus for Total Correctness 08Program Verification II CS 5209: Foundation in Logic and AI Martin

778 views • 39 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Higher-Order Model Checking: Principles and Applications to Program Verification and Security

Higher-Order Model Checking: Principles and Applications to Program Verification and Security

Higher-Order Model Checking: Principles and Applications to Program Verification and Security Part I: Types and Recursion Schemes for Higher-Order Program Verification Part II: Higher-Order Program Verification and Language-Based Security

836 views • 54 slides
Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston

Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston

Applying Language-based Static Verification in an ARM Operating System Matthew Danish Boston University md@bu.edu 9 May 2013 What do we want? Correctness Flexibility Responsiveness Practicality Predictability What do we want?

370 views • 26 slides
Introduction Goal: Use programmers design decisions with automatic checking todetect potential

Introduction Goal: Use programmers design decisions with automatic checking todetect potential

0.5 setgray0 0.5 setgray1 Introduction Goal: Use programmers design decisions with automatic checking todetect potential errors. Extended Static Checking (ESC) tries to prove correctness at compile-time helps finding run-time exceptions

302 views • 11 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo Whats This Talk About? Introduction to higher-order model checking (model checking of higher- order recursion schemes) and its applications to

641 views • 40 slides
Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about cri4cal parts of a program and reason effec4vely A program is intended to carry out a

1.01k views • 57 slides
Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
The Calculus of Computation: Decision Procedures with 5. Program Correctness: Mechanics

The Calculus of Computation: Decision Procedures with 5. Program Correctness: Mechanics

The Calculus of Computation: Decision Procedures with 5. Program Correctness: Mechanics Applications to Verification by Aaron Bradley Zohar Manna Springer 2007 5- 1 5- 2 Program A: LinearSearch with function specification Function

777 views • 12 slides

More recommend