Verification of systems with counters and pointers
Arnaud Sangnier
LSV, ENS Cachan, CNRS & EDF R&D
21 November 2008
CIFRE thesis carried out within the RNTL AVERILES project
Introduction

Computer systems are everywhere
Objective of the thesis
Propose methods to verify automatically the correct behaviour of programs

Example of program (in-place reversal of a singly linked list):

    List reverse(List p) {
        List q, r;
        q = NULL;                 /* q: head of the already reversed prefix */
        while (p != NULL) {
            r = q;
            q = p;
            p = p->next;          /* advance along the remaining list */
            q->next = r;          /* link the detached cell in front of the reversed prefix */
        }
        return q;
    }

Characteristics of the programs:
• Manipulate dynamically the memory heap
Property to check:
• Absence of errors
Formal methods
Use of mathematics to prove a desired property
Different methods have been proposed:
• Automatic generation of tests
• Theorem proving
• Model checking
⇒ These methods are often complementary
Principle of model checking
Does a system satisfy a specification?
    Model  |=  Φ ?
(the Model, the Formula Φ, and a model-checking algorithm that decides the question)
Model checking issues
1. Define models to represent the systems
   • Finite state systems / Infinite state systems
2. Define specification languages to express properties
   • Temporal logics
3. Find algorithms and/or procedures of model-checking
⇒ Trade-off between efficiency and expressiveness
Verification of programs with lists
• Active field of research
• Many methods using shape analysis
⇒ Find a method to refine shape analysis [Bardin et al. 04]
• There is a strong connection between programs with lists and counter machines
• Taking the lengths of the lists into account makes it possible to refine shape analysis
In this thesis:
1. Study of counter machines
2. Establish a link between counter machines and programs with lists
Counter machines
Finite Automaton + Integer Variables
Example: control states q1, q2, q3 and one counter x1, with transitions
    q1 → q2 : x1' = x1 + 2
    q2 → q1 : x1' = x1 − 1
    q2 → q3 : 10 ≤ x1 ?
• An execution: (q1, 0) → (q2, 2) → (q1, 1) → (q2, 3) . . .
• The reachability set: Reach(S, (q1, 0)) = {q1} × N ∪ {q2} × (N \ {0, 1}) ∪ {q3} × (N \ {0, . . . , 9})
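The machine on this slide, run and explored by a small interpreter. This is an added example and not code from the thesis or from the FAST tool; the edge directions (q1 → q2 adds 2, q2 → q1 subtracts 1, q2 → q3 is guarded by 10 ≤ x1) are an assumption reconstructed from the execution shown above. Since the reachability set is infinite, the exploration is cut off at a chosen cap on the counter value, and the slide's semi-linear description is checked against it on that finite window; the last function is the fixpoint test Post(S, C) ⊆ C on the claimed set.

```python
from collections import deque

# One-counter machine from the slide. Each transition is
# (source, target, guard, update); guard and update act on the counter value x1.
# Edge directions are an assumption reconstructed from the execution on the slide.
MACHINE = [
    ("q1", "q2", lambda x: True,    lambda x: x + 2),  # x1' = x1 + 2
    ("q2", "q1", lambda x: True,    lambda x: x - 1),  # x1' = x1 - 1
    ("q2", "q3", lambda x: x >= 10, lambda x: x),      # 10 <= x1 ?  (counter unchanged)
]

# Semi-linear reachability set claimed on the slide, one predicate per control state:
# {q1} x N  U  {q2} x (N \ {0,1})  U  {q3} x (N \ {0,...,9})
CLAIMED = {"q1": lambda x: True, "q2": lambda x: x >= 2, "q3": lambda x: x >= 10}


def post(machine, configs):
    """One-step successors of a set of configurations; counters never go negative."""
    succ = set()
    for (q, x) in configs:
        for (src, dst, guard, update) in machine:
            if src == q and guard(x):
                nx = update(x)
                if nx >= 0:
                    succ.add((dst, nx))
    return succ


def execute(machine, c0, steps):
    """A finite execution prefix: at each step take the first enabled transition
    in list order, so the result is deterministic. Stops early on deadlock."""
    trace = [c0]
    for _ in range(steps):
        q, x = trace[-1]
        for (src, dst, guard, update) in machine:
            if src == q and guard(x) and update(x) >= 0:
                trace.append((dst, update(x)))
                break
        else:
            break  # no enabled transition (q3 has none)
    return trace


def reach_bounded(machine, c0, cap):
    """Breadth-first exploration of Reach(S, c0), truncated at counter value cap
    because the actual set is infinite."""
    seen = {c0}
    frontier = deque([c0])
    while frontier:
        c = frontier.popleft()
        for s in post(machine, {c}):
            if s[1] <= cap and s not in seen:
                seen.add(s)
                frontier.append(s)
    return seen


def claimed_up_to(cap, claimed=CLAIMED):
    """Configurations of a claimed set whose counter value is at most cap."""
    return {(q, x) for q, pred in claimed.items() for x in range(cap + 1) if pred(x)}


def matches_claim(machine, c0, cap, claimed=CLAIMED):
    """Bounded check that exploration and claim agree on every configuration with
    counter value <= cap. Exploring one unit beyond cap is needed because
    (q1, n) is only reached through (q2, n + 1)."""
    explored = {c for c in reach_bounded(machine, c0, cap + 1) if c[1] <= cap}
    return explored == claimed_up_to(cap, claimed)


def is_inductive(machine, cap, claimed=CLAIMED):
    """Fixpoint test Post(S, C) ⊆ C for a claimed set C, on counter values up to cap:
    every successor of a claimed configuration must again be claimed."""
    return all(q in claimed and claimed[q](x)
               for (q, x) in post(machine, claimed_up_to(cap, claimed)))


if __name__ == "__main__":
    print(execute(MACHINE, ("q1", 0), 6))
    print("bounded exploration agrees with the slide:", matches_claim(MACHINE, ("q1", 0), 40))
    print("claimed set is closed under Post:", is_inductive(MACHINE, 40))
```

Note that `is_inductive` alone accepts any closed over-approximation (a claim that also includes (q3, 9) is still closed under Post, because q3 has no outgoing transition), which is why the bounded equality check is kept beside it.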
Verification of counter machines
Theorem [Minsky 67]: The reachability problem is undecidable for 2-counter machines
For some classes reachability is decidable:
• Petri nets or VASS [Kosaraju 82, Mayr 84]
• Reversal-bounded counter machines [Ibarra 78]
• Flat and flattable counter machines [Finkel & Leroux 02]
How to represent the reachability set of a counter machine?
⇒ With semi-linear sets / Presburger arithmetic
• FAST: a tool to compute semi-linear reachability sets [Leroux et al. 03]
Outline
1. Introduction
2. Verification of counter machines
   Reversal-bounded counter machines
   Model-checking counter machines with freeze LTL
3. Verification of programs with lists
4. Conclusion

Verification of counter machines
Reversal-bounded counter machines
Motivation
Find classes of counter machines for which reachability problems are decidable
Even better: find classes of counter machines for which the reachability set can be computed
Ibarra-reversal-bounded counter machines
Definition [Ibarra 78]
A counter machine (S, c0) is Ibarra-reversal-bounded iff there exists a k ∈ N s.t. in all the executions of S leaving from c0, each counter does at most k alternations between increasing and decreasing mode.
Example 1: states q1, q2, q3 with
    q1 → q2 : x1' = x1 + 2
    q2 → q1 : x1' = x1 − 1
    q2 → q3 : 3 ≤ x1 ?
  Not Ibarra-reversal-bounded (with c0 = (q1, 0))
Example 2: states q1, q3 with
    a loop on q1 : x1' = x1 + 1
    q1 → q3 : 3 ≤ x1 ?
  Ibarra-reversal-bounded (with c0 = (q1, 0))
Counter machines with computable semi-linear reachability set (diagram of classes):
• Bounded
• Ibarra reversal-bounded [Ibarra 78]
• Flattable (termination of FAST) [Leroux & Sutre 05]
A not Ibarra-reversal-bounded counter machine S
    q1 → q2 : x' = x + 1
    q2 → q1 : x' = x − 1
• (S, (q1, 0)) is not Ibarra-reversal-bounded
• Reach(S, (q1, 0)) = {(q1, 0), (q2, 1)} is finite, hence semi-linear
⇒ Extend the notion of reversal-bounded
Reversal-bounded counter machines
Definition [MFCS 08]
A counter machine (S, c0) is k-reversal-b-bounded iff each counter does at most k alternations over the bound b.
(figure: the value of a counter along an execution, with the bound b drawn as a dotted horizontal line)
Remarks:
• Ibarra-reversal-bounded counter machines are reversal-0-bounded
• b-bounded counter machines are 0-reversal-b-bounded
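The counting behind both definitions (Ibarra's, and the k-reversal-b-bounded one above) on finite execution prefixes. This is an added example, not code from the thesis; the value sequences are constructed by hand from the machines drawn on the previous slides (the x1 + 2 / x1 − 1 loop, the x1 + 1 loop, and the two-state x + 1 / x − 1 loop). Two conventions are assumptions: a counter starts in increasing mode (Ibarra's convention), and a mode change counts as being "over the bound b" when the counter value just before or just after the step is strictly greater than b, which is the reading under which a b-bounded machine is 0-reversal-b-bounded as the remark states.

```python
def count_reversals(values, b=0):
    """Number of mode changes (increasing <-> decreasing) of one counter along a
    run, counted only when the change happens above the bound b.
    Assumptions: the counter starts in increasing mode (Ibarra's convention),
    a step that leaves the value unchanged keeps the current mode, and a change
    is 'over b' when the value just before or just after the step exceeds b."""
    mode = +1
    reversals = 0
    for before, after in zip(values, values[1:]):
        if after == before:
            continue
        direction = +1 if after > before else -1
        if direction != mode:
            mode = direction
            if max(before, after) > b:
                reversals += 1
    return reversals


def is_k_reversal_b_bounded(runs, k, b):
    """True if no run in the sample makes more than k reversals over b.
    A finite sample of runs can only refute boundedness, never prove it."""
    return all(count_reversals(run, b) <= k for run in runs)


# Constructed prefixes of the counter x1 along executions, read off the slides' machines:
LOOP_PLUS2_MINUS1 = [0, 2, 1, 3, 2, 4, 3, 5, 4, 6]  # q1 <-> q2 with +2 / -1: values keep growing
LOOP_PLUS1 = [0, 1, 2, 3]                           # only increments, then 3 <= x1 ? leads to q3
LOOP_PLUS1_MINUS1 = [0, 1, 0, 1, 0, 1, 0, 1]        # q1 <-> q2 with +1 / -1: Reach is finite

if __name__ == "__main__":
    for name, run in [("+2/-1 loop", LOOP_PLUS2_MINUS1),
                      ("+1 loop", LOOP_PLUS1),
                      ("+1/-1 loop", LOOP_PLUS1_MINUS1)]:
        print(f"{name}: reversals over 0 = {count_reversals(run, 0)}, "
              f"over 1 = {count_reversals(run, 1)}, over max = {count_reversals(run, max(run))}")
```

The +1/−1 loop is the point of the extended definition: its reversals over 0 grow with the length of the prefix, so it is not Ibarra-reversal-bounded, but above its bound 1 it makes no reversal at all, so it is 0-reversal-1-bounded. The +2/−1 loop stays unbounded for every b, because its values grow past any bound and the alternation continues there.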
Counter machines with computable semi-linear reachability set (diagram of classes):
• Bounded
• Ibarra reversal-bounded
• Reversal-bounded [MFCS 08]
• Flattable (termination of FAST)
Can we decide if a counter machine is reversal-bounded?
Undecidability [MFCS 08]
The following problems are undecidable for counter machines:
1. Reversal-boundedness
2. k-reversal-boundedness (for a fixed k)
3. Reversal-b-boundedness (for a fixed b)
Decidability [MFCS 08]
1. Verifying if a counter machine is k-reversal-b-bounded is decidable
2. Verifying if a VASS is reversal-bounded is decidable
Verifying counter machines using reversal-bounded counter machines
    Require: S a counter machine
    Require: (q0, v0) an initial configuration
    Ensure: C a set of configurations
    C = {(q0, v0)}, k = 0, b = 0
    while Post(S, C) ⊄ C do
        k = k + 1
        b = b + 1
        Choose an unfolding S_{k,b} of S which is k-reversal-b-bounded
        C = Reach(S_{k,b}, (q0, v0))
    end while
    return C
Model-checking counter machines with freeze LTL
Motivation
Describe the temporal behavior of a counter machine
How? Temporal logics:
• linear time: LTL [Pnueli 77]
• branching time: CTL [Clarke & Emerson 82]
• CTL* [Emerson & Halpern 83]
⇒ These logics do not allow one to speak about the values of the counters