Verification of systems with counters and pointers (Vérification de systèmes avec compteurs et pointeurs), Arnaud Sangnier, 21 November 2008: slide transcript


  1. Verification of systems with counters and pointers
      Arnaud Sangnier, LSV, ENS Cachan, CNRS & EDF R&D
      21 November 2008
      CIFRE thesis carried out within the RNTL AVERILES project

  2-4. Computer systems are everywhere (section: Introduction)

  5. (figure-only slide, no text)

  6. Objective of the thesis
      Propose methods to verify automatically the correct behaviour of programs

      Example of program:

        List reverse(List p) {
          List q, r;
          q = NULL;
          while (p != NULL) {
            r = q;
            q = p;
            p = p->next;
            q->next = r;
          }
          return q;
        }

      Characteristic of the programs:
      • Manipulate dynamically the memory heap
      Property to check:
      • Absence of errors

  7-8. Formal methods
      Use of mathematics to prove a desired property
      Different methods have been proposed:
      • Automatic generation of tests
      • Theorem proving
      • Model checking
      ⇒ These methods are often complementary

  9-12. Principle of model checking
      Does a system satisfy a specification?
        Model ⊨ Φ ?
      A model-checking algorithm decides whether the model satisfies the formula Φ.

  13. Model checking issues
      1 Define models to represent the systems
        • Finite state systems / infinite state systems
      2 Define specification languages to express properties
        • Temporal logics
      3 Find algorithms and/or procedures for model checking
      ⇒ Trade-off between efficiency and expressiveness

  14. Verification of programs with lists
      • Active field of research
      • Many methods use shape analysis
        ⇒ Find a method to refine shape analysis [Bardin et al. 04]
      • There is a strong connection between programs with lists and counter machines
      • Taking the lengths of the lists into account makes it possible to refine shape analysis
      In this thesis:
      1 Study of counter machines
      2 Establish a link between counter machines and programs with lists
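An added example (this editor's code, not the thesis's or the AVERILES project's) that makes the link of slide 14 concrete for the reverse program of slide 6: the program is run on an actual singly-linked list, next to a two-counter machine that records only the lengths |p| and |q|. The counter machine itself, the locations loop/exit and every function name are assumptions of this example, not the thesis's notation; in the abstraction each loop iteration moves exactly one cell from p to q.

```python
# Added example, not from the thesis: the reverse program of slide 6 run on a
# concrete singly-linked list, next to the counter machine that abstracts it
# by the lengths of p and q (the link stated on slide 14). The abstraction,
# the locations "loop"/"exit" and the function names are assumptions of this
# example, not the thesis's notation.
from typing import Iterator, List, Optional, Set, Tuple


class Cell:
    """One heap cell of a singly-linked list: a value and a next pointer."""

    def __init__(self, data: int, nxt: "Optional[Cell]" = None) -> None:
        self.data = data
        self.next = nxt


def build(values: List[int]) -> Optional[Cell]:
    """Allocate a list holding `values` in order; None plays the role of NULL."""
    head: Optional[Cell] = None
    for v in reversed(values):
        head = Cell(v, head)
    return head


def to_list(p: Optional[Cell]) -> List[int]:
    out: List[int] = []
    while p is not None:
        out.append(p.data)
        p = p.next
    return out


def reverse(p: Optional[Cell]) -> Tuple[Optional[Cell], int]:
    """The C program of slide 6, statement for statement. Also returns the
    number of loop iterations so it can be compared with the abstraction."""
    q: Optional[Cell] = None
    r: Optional[Cell] = None
    steps = 0
    while p is not None:
        r = q
        q = p
        p = p.next
        q.next = r
        steps += 1
    return q, steps


# Counter abstraction: a configuration is (location, |p|, |q|).
LOOP, EXIT = "loop", "exit"
AbsConfig = Tuple[str, int, int]


def abstract_successors(conf: AbsConfig) -> Iterator[AbsConfig]:
    """Post of the counter machine: the loop body moves one cell from p to q."""
    loc, lp, lq = conf
    if loc == LOOP and lp >= 1:       # p != NULL: one more iteration
        yield (LOOP, lp - 1, lq + 1)
    if loc == LOOP and lp == 0:       # p == NULL: leave the loop
        yield (EXIT, lp, lq)


def abstract_reach(n: int) -> Set[AbsConfig]:
    """Reach(S, (loop, n, 0)) of the counter machine, by a plain fixpoint
    (finite here because |p| + |q| never changes)."""
    init: AbsConfig = (LOOP, n, 0)
    seen, todo = {init}, [init]
    while todo:
        for s in abstract_successors(todo.pop()):
            if s not in seen:
                seen.add(s)
                todo.append(s)
    return seen


def abstraction_agrees(values: List[int]) -> bool:
    """Concrete run against the abstraction: the list is reversed, the loop
    runs n times, the only exit configuration is (exit, 0, n), and
    |p| + |q| = n holds in every reachable configuration."""
    n = len(values)
    q, steps = reverse(build(values))
    reach = abstract_reach(n)
    exits = {c for c in reach if c[0] == EXIT}
    return (to_list(q) == values[::-1]
            and steps == n
            and exits == {(EXIT, 0, n)}
            and all(lp + lq == n for _, lp, lq in reach))
```

The point of the comparison is that the counter machine, which knows nothing about the cell contents, already predicts the number of iterations and the length of the result; that is the kind of information a shape analysis alone loses and that the length counters recover.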

  15-19. Counter machines
      Finite automaton + integer variables
      Example (states q1, q2, q3; one counter x1):
        q1 → q2 : x1' = x1 + 2
        q2 → q1 : x1' = x1 − 1
        transition into q3 guarded by 10 ≤ x1 ?
      • An execution: (q1, 0) → (q2, 2) → (q1, 1) → (q2, 3) ...
      • The reachability set:
        Reach(S, (q1, 0)) = {q1} × N ∪ {q2} × (N \ {0, 1}) ∪ {q3} × (N \ {0, ..., 9})
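The counter machine of slide 15, as an added example (this editor's code, not from the thesis or from the FAST tool): the transitions are encoded as guards and updates on x1, the execution drawn on the slide is replayed, and a bounded exploration is compared with the semi-linear description of Reach(S, (q1, 0)). One assumption about the diagram is made explicit in the code: the transition guarded by 10 ≤ x1 is taken to leave q2; if it leaves q1 instead, the reachability set is the same. The function names are this example's own.

```python
# Added example, not from the thesis: the counter machine of slide 15 encoded
# as guarded transitions, the execution shown on the slide, and a bounded
# exploration compared with the semi-linear set Reach(S, (q1, 0)) stated there.
# Assumption about the diagram: the transition guarded by 10 <= x1 leaves q2;
# if it leaves q1 instead the reachability set is unchanged.
from typing import Callable, List, Set, Tuple

Config = Tuple[str, int]   # (control state, value of the single counter x1)
# A transition: (source state, guard on x1, update of x1, target state)
Transition = Tuple[str, Callable[[int], bool], Callable[[int], int], str]

SLIDE15: List[Transition] = [
    ("q1", lambda x: True,    lambda x: x + 2, "q2"),   # x1' = x1 + 2
    ("q2", lambda x: True,    lambda x: x - 1, "q1"),   # x1' = x1 - 1
    ("q2", lambda x: 10 <= x, lambda x: x,     "q3"),   # 10 <= x1 ?
]


def successors(machine: List[Transition], conf: Config) -> List[Config]:
    """Post(S, {conf}): fire every enabled transition; counters stay in N."""
    state, x = conf
    return [(dst, update(x)) for src, guard, update, dst in machine
            if src == state and guard(x) and update(x) >= 0]


def run_prefix(machine: List[Transition], init: Config, steps: int) -> List[Config]:
    """The execution drawn on the slide: always take the first enabled transition."""
    trace = [init]
    for _ in range(steps):
        nxt = successors(machine, trace[-1])
        if not nxt:
            break
        trace.append(nxt[0])
    return trace


def bounded_reach(machine: List[Transition], init: Config, limit: int) -> Set[Config]:
    """Configurations reachable along paths on which x1 never exceeds `limit`.
    A finite under-approximation: the exact set on the slide is infinite."""
    seen, todo = {init}, [init]
    while todo:
        for s in successors(machine, todo.pop()):
            if s[1] <= limit and s not in seen:
                seen.add(s)
                todo.append(s)
    return seen


def in_closed_form(conf: Config) -> bool:
    """Membership in {q1} x N, {q2} x (N minus {0,1}) or {q3} x (N minus {0..9})."""
    state, x = conf
    return ((state == "q1" and x >= 0) or (state == "q2" and x >= 2)
            or (state == "q3" and x >= 10))


def closed_form_matches(cap: int) -> bool:
    """Up to `cap`, the explored set coincides with the slide's description.
    Paths are explored up to cap + 1 because reaching (q1, n) goes through
    (q2, n + 1); no other configuration needs a higher excursion."""
    explored = {c for c in bounded_reach(SLIDE15, ("q1", 0), cap + 1) if c[1] <= cap}
    expected = {(s, x) for s in ("q1", "q2", "q3") for x in range(cap + 1)
                if in_closed_form((s, x))}
    return explored == expected
```

The bounded exploration only ever checks a finite window of the infinite set; the slide's closed form is what a tool such as FAST aims to compute symbolically, and the check here is just evidence that the closed form and the machine agree on that window.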

  20. Verification of counter machines
      Theorem [Minsky 67]: the reachability problem is undecidable for 2-counter machines
      For some classes reachability is decidable:
      • Petri nets or VASS [Kosaraju 82, Mayr 84]
      • Reversal-bounded counter machines [Ibarra 78]
      • Flat and flattable counter machines [Finkel & Leroux 02]
      • How to represent the reachability set of a counter machine?
        ⇒ With semi-linear sets / Presburger arithmetic
      • FAST: a tool to compute semi-linear reachability sets [Leroux et al. 03]

  21. Outline
      1 Introduction
      2 Verification of counter machines
          Reversal-bounded counter machines
          Model-checking counter machines with freeze LTL
      3 Verification of programs with lists
      4 Conclusion

  22. Outline, same as slide 21 (start of part 2: Verification of counter machines, beginning with Reversal-bounded counter machines)

  23-24. Motivation
      Find classes of counter machines for which reachability problems are decidable
      Even better: find classes of counter machines for which the reachability set can be computed

  25. Ibarra-reversal-bounded counter machines
      Definition [Ibarra 78]: a counter machine (S, c0) is Ibarra-reversal-bounded iff there exists k ∈ N such that, in all the executions of S leaving from c0, each counter does at most k alternations between increasing and decreasing mode.
      Example (states q1, q2, q3; one counter x1):
        q1 → q2 : x1' = x1 + 2
        q2 → q1 : x1' = x1 − 1
        transition into q3 guarded by 3 ≤ x1 ?
      Not Ibarra-reversal-bounded (with c0 = (q1, 0))

  26. Ibarra-reversal-bounded counter machines
      Definition [Ibarra 78]: same as on slide 25
      Example (states q1, q3; one counter x1):
        q1 → q1 : x1' = x1 + 1
        q1 → q3 : 3 ≤ x1 ?
      Ibarra-reversal-bounded (with c0 = (q1, 0))

  27-29. Counter machines with computable semi-linear reachability set
      (inclusion diagram, as text)
      • Bounded
      • Ibarra reversal-bounded [Ibarra 78]
      • Both lie inside Flattable (termination of FAST) [Leroux & Sutre 05]

  30. A not-Ibarra-reversal-bounded counter machine S
      Two states q1, q2 and one counter x:
        q1 → q2 : x' = x + 1
        q2 → q1 : x' = x − 1
      • (S, (q1, 0)) is not Ibarra-reversal-bounded
      • Reach(S, (q1, 0)) = {(q1, 0), (q2, 1)} is finite, hence semi-linear
      ⇒ Extend the notion of reversal-bounded

  31-32. Reversal-bounded counter machines
      Definition [MFCS 08]: a counter machine (S, c0) is k-reversal-b-bounded iff each counter does at most k alternations over the bound b.
      (figure: the value of a counter along an execution, with the bound b drawn as a horizontal line)
      Remarks:
      • Ibarra-reversal-bounded counter machines are reversal-0-bounded
      • b-bounded counter machines are 0-reversal-b-bounded
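An added example (this editor's code, not the thesis's) of the quantity that the definition on slide 31 bounds: the number of alternations between increasing and decreasing mode of one counter along a finite execution, counting only those that happen above a bound b, so that b = 0 recovers Ibarra's notion from slide 25. Counting a turning point only when its value is strictly above b is this example's own reading of "over the bound b". The value traces are constructed here from the diagrams of slides 25, 26 and 30, and the function names are assumptions of the example. Finite prefixes can only give evidence that a machine is not reversal-bounded; they decide nothing, which is consistent with the undecidability results on slide 36.

```python
# Added example, not from the thesis: counting the mode alternations of one
# counter along a finite execution, restricted to alternations that happen
# above a bound b. This is the quantity the k-reversal-b-bounded definition of
# slide 31 bounds by k; b = 0 gives Ibarra's notion (slide 25). Counting a
# turning point only when its value is strictly above b is this example's own
# reading of "over the bound b". The example traces follow the diagrams of
# slides 25, 26 and 30 and are constructed here.
from typing import Callable, List, Optional


def reversals_above(values: List[int], b: int) -> int:
    """Number of switches between increasing and decreasing mode whose turning
    point (the value at which the counter turns) is strictly above b."""
    mode: Optional[str] = None   # last direction seen: "up" or "down"
    count = 0
    for prev, cur in zip(values, values[1:]):
        if cur == prev:
            continue
        direction = "up" if cur > prev else "down"
        if mode is not None and direction != mode and prev > b:
            count += 1
        mode = direction
    return count


# Constructed counter traces: the values of x1 along the executions of the
# machines drawn on slides 25, 26 and 30, starting from (q1, 0).
def slide25_trace(n: int) -> List[int]:
    return [v for i in range(n) for v in (i, i + 2)]     # 0, 2, 1, 3, 2, 4, ...


def slide26_trace(n: int) -> List[int]:
    return list(range(n + 1))                            # 0, 1, 2, ..., n


def slide30_trace(n: int) -> List[int]:
    return [i % 2 for i in range(2 * n)]                 # 0, 1, 0, 1, ...


def reversal_profile(trace_of: Callable[[int], List[int]], b: int, n_max: int) -> List[int]:
    """reversals_above on prefixes of growing length. A profile that keeps
    growing is evidence (not a proof: the problem is undecidable, slide 36)
    that no k makes the machine k-reversal-b-bounded for this b; a profile
    that stays at 0 is consistent with 0-reversal-b-boundedness."""
    return [reversals_above(trace_of(n), b) for n in range(1, n_max + 1)]
```

On the slide-30 machine the profile for b = 0 grows without bound while the profile for b = 1 stays at 0, which is exactly why that machine is not Ibarra-reversal-bounded yet is reversal-bounded in the extended sense (it is 1-bounded, hence 0-reversal-1-bounded, as the remark on slide 32 states).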

  33-35. Counter machines with computable semi-linear reachability set
      (inclusion diagram, as text)
      • Reversal bounded [MFCS 08], which contains both Ibarra reversal-bounded and Bounded
      • All of them lie inside Flattable (termination of FAST)

  36-37. Can we decide if a counter machine is reversal-bounded?
      Undecidability [MFCS 08]: the following problems are undecidable for counter machines
      1. Reversal-boundedness
      2. k-reversal-boundedness (for a fixed k)
      3. Reversal-b-boundedness (for a fixed b)
      Decidability [MFCS 08]
      1. Verifying whether a counter machine is k-reversal-b-bounded is decidable
      2. Verifying whether a VASS is reversal-bounded is decidable

  38. Verifying counter machines using reversal-bounded counter machines
      Require: S a counter machine;
      Require: (q0, v0) an initial configuration;
      Ensure: C a set of configurations;
      1: C = {(q0, v0)}, k = 0, b = 0
      2: while Post(S, C) ⊈ C do
      3:   k = k + 1
      4:   b = b + 1
      5:   Choose an unfolding S_{k,b} of S which is k-reversal-b-bounded
      6:   C = Reach(S_{k,b}, (q0, v0))
      7: end while
      8: return C

  39. Outline, same as slide 21 (next: Model-checking counter machines with freeze LTL)

  40. Motivation
      Describe the temporal behaviour of a counter machine. How? Temporal logics:
      • linear time: LTL [Pnueli 77]
      • branching time: CTL [Clarke & Emerson 82]
      • CTL* [Emerson & Halpern 83]
      ⇒ These logics cannot speak about the values of the counters
