verification
play

Verification Suvam Mukherjee Programming Languages Laboratory, - PowerPoint PPT Presentation

Mar 06, 2023 •112 likes •743 views

Fun with Program Analysis and Verification Suvam Mukherjee Programming Languages Laboratory, Department of Computer Science and Automation, Indian Institute of Science, Bangalore 560012 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 1

  1. Fun with Program Analysis and Verification Suvam Mukherjee Programming Languages Laboratory, Department of Computer Science and Automation, Indian Institute of Science, Bangalore 560012 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 1

  2. BACKGROUND I’m from the Programming Languages Laboratory!  7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 2

  3. What’s done in the PL Lab? If doubts encompass you regarding Java, Python or C, T o end your quest, in PL Lab you should be… 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 3

  4. Deepak D’Souza K V Raghavan Aravind Aastha Raghavendra Tejas Narendran Girish Raveendra Remish Suvam 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 4

  5. Related Laboratories • SEAL (Software Engineering and Analysis Laboratory): Dr. Aditya Kanade • Scalable Software Systems Lab: Dr. Murali Krishna Ramanathan • Compilers Laboratory: Prof. Y N Srikant • Multicore Computing Laboratory: Dr. Uday Kumar Reddy 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 5

  6. Why analyze/verify programs? Ariane-5 Rocket Explosion 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 6

  7. Suvam Mukherjee, CSA 7/8/2013 11:56:35 AM 7 Courtesy: YouTube

  8. Ariane 5 Rocket Explosion • Crashed on June 4, 1996 • “…it crashed 36 seconds after the launch due to a conversion of a 64-bit floating point to a 16- bit integer value” [ Principles of Model Checking, Baier and Katoen] 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 8

  9. Why analyze/verify programs? Therac 25 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 9

  10. 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 10

  11. Therac-25 • Radiation Therapy Machine • Caused the death of 6 cancer patients between 1985-87 due to radiation overdose • “ The accidents occurred when the high-power electron beam was activated instead of the intended low power beam…Therac -25 had removed them, depending instead on software interlocks for safety. The software interlock could fail due to a race condition. “ [Wikipedia] 7/8/2013 11:56:35 AM Suvam Mukherjee, CSA 11

  12. Races temp = x; x = 0 if (temp >= 0) x = -1 { // Operation } 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 12

  13. Races temp = x; x = 0 if (temp >= 0) x = -1 { // Operation } 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 13

  14. Why analyze/verify programs? I could go on forever… 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 14

  15. Why analyze/verify programs? • Information and Communication T echnologies have become ubiquitious • Incorrect software could have catastrophic consequences • Formal techniques to analyze/verify programs, to either improve performance or to make sure it doesn’t do something bad 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 15

  16. Analysis of Flow of Data Abstract Interpretation 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 16

  17. Example int i = 0; while(true) { i++; } 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 17

  18. Control Flow Graph A i = 0 B [true] C id Is i ever negative at this program i++ location? D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 18

  19. A Iteration #1 i = 0 B [true] C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 19

  20. A Iteration #2 i = 0 B [true] C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 20

  21. A Iteration #3 i = 0 B [true] C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 21

  22. A Iteration #3 i = 0 When do we B stop? [true] NEV EVER!!! ER!!! C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 22

  23. Issue • Variable i takes a value from an infinite domain: Integers • The more paths we cover, the more information we obtain • But we don’t need such precision! • Solution: Over-approximate the values i can assume at any program point -2 3 >-3 99 0 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 23

  24. 7/8/2013 11:56:36 AM Courtesy: Deepak D’Souza 24

  25. A Over- approximations i = 0 B Join Over [true] All Paths (JOP) C id i++ D 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 25

  26. Depends on what kind of analysis you are interested in How do we over-approximate? There are several “candidate” over - approximated values (possibly infinite). Which one to choose? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 28

  27. T ailoring Values to the Property odd/even odd even Exercise : {odd} x++ {?} 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 30

  28. Definition • Concrete State: a snapshot of the memory x = x + y x = 0, x = 5, y = 5 y = 5 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 31

  29. What We Need 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 33

  30. x = 5 x >= 0 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 34

  31. What we need • Doma main in of over-approximated values Is that enough? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 35

  32. x = 5 x >= 0 x ++ x >= 1 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 36

  33. What we need • Doma main in of over-approximated values • Transfer sfer Function nctions: Is that enough? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 37

  34. x = 5 x >= 0 x ++ x >= 1 x >= 0 x >= 0 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 38

  35. What we need • Doma main in La Latt ttice ice of over-approximated values • Transfer sfer Function nctions: 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 39

  36. Lattice • A lattice is a partially ordered set, where every pair of elements has a least upper bound and a greatest lower bound. 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 42

  37. Lattice Upper Bound Least Upper Bound 7/8/2013 11:56:36 AM Courtesy: Deepak D’Souza 43

  38. Lattice Exercise 7/8/2013 11:56:36 AM Courtesy: Deepak D’Souza 44

  39. Lattice • A lattice is a partially ordered set, where every pair of elements has a least upper bound and a greatest lower bound. Is that enough? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 45

  40. . . . What is the least upper bound of the set of Natural Numbers? 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 46

  41. Complete Lattice • A complete lattice is a partially ordered set, where any subset of elements has a least upper bound and a greatest lower bound. 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 47

  42. . . . 7/8/2013 11:56:36 AM Suvam Mukherjee, CSA 48

  43. What we need • Doma main in Comp mplet lete e La Lattic ttice of over- approximated values. Lattice must be of finite height for termination. • Transfer sfer Function nctions: Is that enough? 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 51

  44. Concretization Function i = 3 3 i = 87 i = 0 0 i = 88 i >= 0 i = 5 599 i = 10 i = 1 1 i = 100 i = 14 i = 2 2 i = 99 i = 33 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 52

  45. Concretization Function 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 53

  46. What we need • Doma main in Comp mplet lete e La Lattic ttice of over- approximated values. Lattice must be of finite height for termination. • Transfer sfer Function nctions: • Concr ncretizati etization on Funct nction: ion: Is that enough? YES  7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 54

  47. Summary • Usual way of viewing programs: evolution of states • Given a property, “tailor” an abstract domain • Run the program with abstract values • Have fun • What if I need a proof of program correctness? 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 55

  48. Proving Programs Correct Hoare Style Proofs Weakest Preconditions and Interpolants 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 56

  49. Problem Given a program, with a given pre-condition and post-condition, give a proof of correctness of the program 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 57

  50. Proof of Correctness • Consider any state satisfying P . Then, on executing S , if S terminates, we will be in a state satisfying Q . • Also known an a “ Hoare Triple ” 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 58

  51. Hoare Style Proofs • An Axiomatic Basis for Computer Programming: C.A.R Hoare • Annotate each vertex of the CFG with a formula • Key to the proof are the Hoare Triples {P {P} } S {Q {Q} 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 59

  52. Hoare Triples x = 1 x > -5 x = 2 P Q S x++ x >= 0 x >= 1 Q over-approximates the set of states reachable from P on executing S . 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 60

  53. Hoare Triple: Example int i = 0; y = 1; {y = i 3 } {True} for(; i<3; i++) y = y * i 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 61

  54. Example 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 63

  55. n>0 i = 0 n>0 (n>0, i = 0) int i =0; [i<n] while (i < n) [i>=n] { id n >= i i++; } i++ (i = n) n >= i (i = n) 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 64

  56. TRUE TRUE TRUE 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 65

  57. Weakest Precondition/Strongest Postcondition 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 66

  58. Verification Condition 7/8/2013 11:56:37 AM Suvam Mukherjee, CSA 67

Recommend

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification regulations Verification Code Extension (draft-gould-eppext-verificationcode) Purpose Separate verification details from registry interface

167 views • 6 slides
Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems &amp; Applications Nancy France August 2018 Outline 1 Formal Models 2

1.01k views • 81 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Asset Verification Service Kick-Off 11/8/18 Introduce Project Team

253 views • 14 slides
Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying

Test and Verification Solutions The Verification Experts Essentials for Developing and Deploying SV-based VIP DV Club Presentation (23 April 2012) NEED FOR VERIFICATION IP Why do we need VIPs? Time To Market Ready-to-integrate models

403 views • 22 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (11/26/07) I E S R C E O V

UMBC A B M A L T F O U M B C I M Y O R T 1 (11/26/07) I E S R C E O V

VLSI Design Verification and Test Simulation CMPE 646 Design Verification Simulation used for 1) design verification : verify the correctness of the design and 2) test verification. Design verification: Specification Critical or

426 views • 15 slides
Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary

Design Verification with e The language e Contains all the constructs necessary for a complete verification tool Allows objects in the verification environment to be extended Needs to express constraints Coverage

946 views • 80 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Reminder: Please turn up your volume! Asset Verification Service

244 views • 9 slides
Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of

Welcome! Asset Verification Service (AVS) The purpose of AVS is to automate verification of assets for initial and re-determinations for OSIP-M consumers without SSI. Reminder: Please turn up your volume! AVS Project Update 12/27/2018 AVS

245 views • 8 slides
9/24/2020 Verification SY 2020-2021 Objectives Identify the steps required for Verification

9/24/2020 Verification SY 2020-2021 Objectives Identify the steps required for Verification

9/24/2020 Verification SY 2020-2021 Objectives Identify the steps required for Verification Calculate an accurate sample size and verify the correct number of applications Learn and follow the Verification timelines and procedures

123 views • 11 slides
SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification

SAT-based verification (BMC, temporal induction) Mary Sheeran, Chalmers SAT-based verification now hot Used here in Sweden since 1989 mostly in safety critical applications (railway control program verification) Bounded Model Checking a

468 views • 25 slides
Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Verification Process Self-Verification Training Tom Wolf, Governor 1 &gt; Pedro Rivera,

Verification Process Self-Verification Training Tom Wolf, Governor 1 &gt; Pedro Rivera,

EI Self-Verification Training Early Intervention Verification Process Self-Verification Training Tom Wolf, Governor 1 &gt; Pedro Rivera, Secretary of Education | Ted Dallas, Secretary of Human Services EI Self-Verification Training

445 views • 15 slides
Verification Reporting Public and Nonpublic Verification Collection Report Deb Linderblood

Verification Reporting Public and Nonpublic Verification Collection Report Deb Linderblood

Verification Reporting Public and Nonpublic Verification Collection Report Deb Linderblood October, 2014 1 Verification Collection Report Verification Collection Report or FNS 742 FNS stands for Food and Nutrition Services Same

752 views • 64 slides
Multi-Valued Verification 7 th International Verification Methods Workshop VKU Forum, Berlin Tim

Multi-Valued Verification 7 th International Verification Methods Workshop VKU Forum, Berlin Tim

Multi-Valued Verification 7 th International Verification Methods Workshop VKU Forum, Berlin Tim Bullock &amp; Nelson Shum Meteorological Service of Canada (MSC) 2017-05-09 Contents The Case for Multi-valued Verification (MVV)

278 views • 23 slides
About the Course Software Testing &amp; Verification Course Software Testing &amp; Verification

About the Course Software Testing &amp; Verification Course Software Testing &amp; Verification

About the Course Software Testing &amp; Verification Course Software Testing &amp; Verification 2019/20 Wishnu Prasetya &amp; Gabriele Keller Why do we care? 1. Because we want to deliver quality products! 2. Because poor quality, including

493 views • 16 slides
SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta

SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta

SAT-based Verification Methods and Applications in Hardware Verification Aarti Gupta agupta@nec-labs.com NEC Laboratories America Princeton, U.S.A. Acknowledgements: Pranav Ashar, Malay Ganai, Zijiang Yang, Chao Wang, Akira Mukaiyama,

1.31k views • 118 slides
Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar Verified SW Working Group August 2014 July

661 views • 28 slides
Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting

3/21/2011 Hardware description and verification http://www.cse.chalmers.se/edu/course/TDA956/ Getting hardware designs right [using ideas from computer science] Mary Sheeran Verification Design verification is the task of establishing that a

598 views • 15 slides
Logic for Verification Jo ao Martins August 4, 2012 J. Martins () Logic for Verification

Logic for Verification Jo ao Martins August 4, 2012 J. Martins () Logic for Verification

Logic for Verification Jo ao Martins August 4, 2012 J. Martins () Logic for Verification August 4, 2012 1 / 96 1 Introduction 2 Syntax 3 Semantics 4 Verification Truth Tables Resolution Natural Deduction 5 Beyond Propositional Logic

1.39k views • 106 slides

More recommend