verification techniques for
play

Verification Techniques for Object Invariants Peter Mller - PowerPoint PPT Presentation

Dec 03, 2023 •311 likes •503 views

A Unified Framework for Verification Techniques for Object Invariants Peter Mller Microsoft Research Joint work with Sophia Drossopoulou and Adrian Francalanza 2 Object Invariants Express consistency criteria of objects Support

  1. A Unified Framework for Verification Techniques for Object Invariants Peter Müller Microsoft Research Joint work with Sophia Drossopoulou and Adrian Francalanza

  2. 2 Object Invariants  Express consistency criteria of objects  Support induction scheme - Established by constructors - Preserved by all methods - Potentially broken within method body  Challenges - Call-backs - Multi-object invariants - Subclass invariants Peter Müller – FOOL 2008

  3. 3 Textbook Solution class C { class Client { int a, b; C c; invariant 0 ≤ a < b; invariant c.a ≤ 10 ; } C( ) { a := 0; b := 3; } Assume invariant  void m( ) { class Sub extends C { int k := 10 / ( b – a ); invariant a ≤ 10 ; Prove a := a + 3; } invariant of n( ); C and its b := ( k + 4 ) * b; subclasses } class Client { void set(C c) { c.a := -1; } n( ) { m( ); } } } Peter Müller – FOOL 2008

  4. 4 Verification Techniques Differ in  Invariant semantics - When are which invariants expected to hold?  Admissible invariants - Which objects may an invariant depend on  Proof obligations - What has to be proven when?  Program restrictions - Which objects may receive method calls or field updates?  Type systems Peter Müller – FOOL 2008

  5. 5 Approach  Develop formal framework - Independent of type system and verification logic - Characterize techniques in terms of 7 framework parameters  Define soundness - Identify 5 criteria on framework parameters that are sufficient for soundness  Instantiate framework - Obtain six techniques from the literature Peter Müller – FOOL 2008

  6. 6 Areas and Regions  Object areas - Describe sets of objects - Assume (do not define) interpretation [[ a ]]h,o  dom( h )  Invariant regions - Describe sets of object-class pairs - Assume (do not define) interpretation [[ r ]]h,o  { (o’, C) | class(o’) <: C } Peter Müller – FOOL 2008

  7. 7 Areas and Regions: Example  Areas a ::= self | any [[ self ]]h,o = { o } [[ any ]]h,o = dom( h )  Regions r ::= emp | self | any [[ emp ]]h,o = { } [[[ self ]]h,o = { (o, C) | class(o) <: C } [[ any ]]h,o = { (o’, C) | class(o’) <: C } Peter Müller – FOOL 2008

  8. 8 Framework Parameters  Invariant semantics - X (C) Invariants expected at visible states of C.m - V (C) Invariants possibly violated by C.m  Admissible invariants - D (C) Invariants depending on C fields  Proof obligations - P (C, a ) Proof obligation for C.m before calls in a - E (C) Proof obligation C.m before end  Program restrictions - U (C,D) Objects whose D-fields may be updated by C.m - C (C,D) Objects whose D-methods may be called from C.m Peter Müller – FOOL 2008

  9. 9 Meaning of Parameters: Example invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; // check ( this ,C) is in D invariant 0 ≤ this .a < this .b; void m( ) { void m( ) { void m( ) { void m( ) { void m( ) { // assume X // assume X int k := 10 / ( b – a ); int k := 10 / ( b – a ); int k := 10 / ( b – a ); int k := 10 / ( b – a ); int k := 10 / ( b – a ); // check this is in U // check this is in U // check this is in U this .a := this .a + 3; this .a := this .a + 3; this .a := this .a + 3; this .a := this .a + 3; this .a := this .a + 3; // prove P X \ V holds // check this is in C // check this is in C // check this is in C this .n( ); this .n( ); this .n( ); this .n( ); this .n( ); this .b := ( k + 4 ) * this .b; // check this is in U this .b := ( k + 4 ) * this .b; // check this is in U this .b := ( k + 4 ) * this .b; // check this is in U this .b := ( k + 4 ) * this .b; this .b := ( k + 4 ) * this .b; // prove E // assume X // assume X } } } } } Peter Müller – FOOL 2008

  10. 10 Parameters: Textbook Invariants Textbook X (C) any V (C) self D (C) self P (C, a ) emp E (C) self U (C,D) self C (C,D) any Peter Müller – FOOL 2008

  11. 11 Programming Language  Expressions and types e ::= this | x | … | e& prove r t ::= C a  Runtime expressions e ::= o| s∙e | … | FatalExc | VerifExc  Assume judgment: h ╞ o,C  Assume (do not define) type system  ├ e : C a - Main judgment - Make requirements (soundness, etc.) Peter Müller – FOOL 2008

  12. 12 Invariant Semantics  Method calls h ╞ [[ X ]]h,s( this ) h ╞ [[ X ]]h,s( this ) s ∙ call e,h → s ∙ ret e,h s ∙ call e,h → FatalExc,h  Method termination h ╞ [[ X ]]h,s( this ) h ╞ [[ X ]]h,s( this ) s ∙ ret v,h → v,h s ∙ ret v,h → FatalExc,h  Proof obligation h ╞ [[ r ]]h,s( this ) h ╞ [[ r ]]h,s( this ) s ∙v& prove r ,h → v,h s ∙v& prove r ,h → VerifExc,h Peter Müller – FOOL 2008

  13. 13 Verified Programs  Field updates: check area  ├ e : C a a  U (class(  ),C’) C has field f defined in C’ …  ├ vf e.f := e’  Method calls: check area, verify invariants  ├ e : C a a  C (class(  ),C’) C inherits m from C’ …  ├ vf e.m(e’ & prove P (C’, a )) Peter Müller – FOOL 2008

  14. 14 Soundness  A verification technique is sound if the following properties hold for each well-typed, verified program P:  Execution of P does not lead to FatalExc  In each execution state  of P, the following properties hold for each stack frame for a method C.m: - The invariants in X (C) \ V (C) hold - If  is a visible state of m, the invariants in X (C) hold Peter Müller – FOOL 2008

  15. 15 Soundness Criteria S1: a  C (C,D)  ( a  X (D)) \ ( X (C) \ V (C))  P (C, a ) S2: V (C)  X (C)  E (C) C (C,D)  ( V (D) \ X (D) )  V (C) S3: U (C,D)  D (D)  V (C) S4: X (C)  X (D) C <: D  S5: V (C) \ X (C)  V (D) \ X (D) Peter Müller – FOOL 2008

  16. 16 Soundness Theorem A verification technique that satisfies S1 – S5 is sound Peter Müller – FOOL 2008

  17. 17 Soundness: Textbook Invariants any \ ( X (C) \ V (C))  P (C, a ) any \ (any \ self)  emp a  C (C,D)  ( a  X (D)) \ ( X (C) \ V (C))  P (C, a ) X (C) any V (C) self self  any  self V (C)  X (C)  E (C) D (C) self any  (self \ any)  self P (C, a ) C (C,D)  ( V (D) \ X (D) )  V (C) emp E (C) self self  self  self U (C,D)  D (D)  V (C) U (C,D) self C (C,D) any any  any X (C)  X (D) C <: D  C <: D  self \ any  self \ any V (C) \ X (C)  V (D) \ X (D) Peter Müller – FOOL 2008

  18. 18 Summary  Parametric w.r.t. underlying type system and verification logic  Abstract explanation how technique works  Criteria for comparisons  Guidelines for the development of further techniques  Instantiation for six techniques from the literature, found one unsoundness Peter Müller – FOOL 2008

Recommend

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique Cortier INRIA project Cassis, Loria CNRS, Nancy, France French/Japanese Symposium on Computer Security - Sept. 6th, 2005 Verification of

605 views • 46 slides
Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja,

Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja,

Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja, Borut Zupan ci c EOOLT10, Oslo, 3. 10. 2010 Introduction Model verification assures that implemented model corresponds to the conceptual

562 views • 17 slides
State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

Title Page State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct Circuits, European Joint Conference on Theory and Practice of Software, Grenoble, France april 6-7 2002 Yannis Bres, CMA-EMP / INRIA

422 views • 20 slides
SMT-based model checking techniques for formal software verification of synchronous dataflow

SMT-based model checking techniques for formal software verification of synchronous dataflow

An insight into SMT-based model checking techniques for formal software verification of synchronous dataflow programs Jonathan Laurent Ecole Normale Sup erieure, National Institute of Aerospace, NASA Langley Research Center August 11 th ,

1.01k views • 67 slides
Practical Techniques for Verification and Validation of Robots Kerstin Eder with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder with a demo by Dejanira Araiza Illan University of Bristol and Bristol Robotics Laboratory Would you swallow a robot? The Safety Challenge Autonomous Systems

705 views • 48 slides
Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla ekr@rtfm.com EVT/WOTE 2009 Understanding the Security Properties of Ballot-Based Verification 1 WARNING This talk contains no research content.

284 views • 15 slides
Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Introduction Formal models Adding equational theories Towards more guarantees Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS - INRIA Cassis project, Nancy Universities 1/45 V eronique

785 views • 76 slides
Using Machine Learning Techniques for Verification of Configuration Files DAGSTUHL SEMINAR 18121

Using Machine Learning Techniques for Verification of Configuration Files DAGSTUHL SEMINAR 18121

Using Machine Learning Techniques for Verification of Configuration Files DAGSTUHL SEMINAR 18121 RUZICA PISKAC YALE UNIVERSITY Configuration errors mean downtime php.ini with Apache and MySQL ; Engine register_globals = Off ; We do not want

518 views • 39 slides
Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica

Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica

Techniques for Evolution-Aware Runtime Verification Owolabi Legunsen, Yi Zhang, Milica Hadi-Tanovi, Grigore Rou, Darko Marinov ICST 2019 4/26/2019 CCF-1421503, CCF-1421575, CCF-1763788, CNS-1619275, CNS-1646305, CNS-1740916 Runtime

448 views • 30 slides
Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by

Practical Techniques for Verification and Validation of Robots Kerstin Eder and with a demo by Dejanira Araiza Illan University of Bristol and Bristol Robotics Laboratory Simulation-based testing Why and how? D. Araiza Illan, D. Western, A.

989 views • 52 slides
Software Verification : Introduction Ranjit Jhala, UC San Diego April 4, 2013 What is

Software Verification : Introduction Ranjit Jhala, UC San Diego April 4, 2013 What is

Software Verification : Introduction Ranjit Jhala, UC San Diego April 4, 2013 What is Algorithmic Verification? Algorithms, Techniques and Tools to ensure that Programs Dont Have Bugs (What does that mean ? Stay tuned. . . )

875 views • 41 slides
Verification of Robotic Code and Autonomous Systems Kerstin Eder University of Bristol and

Verification of Robotic Code and Autonomous Systems Kerstin Eder University of Bristol and

Verification of Robotic Code and Autonomous Systems Kerstin Eder University of Bristol and Bristol Robotics Laboratory Verification and Validation for Safety in Robots To develop techniques and methodologies that can be used to design

840 views • 51 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1 Outline Formal verification techniques Design verification languages Bell-LaPadula and SPECIAL Current verification systems

911 views • 63 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011

Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011

Tree automata techniques for the verification of infinite state-systems Summer School VTSA 2011 Florent Jacquemard INRIA Saclay &amp; LSV (UMR CNRS/ENS Cachan) florent.jacquemard@inria.fr http://www.lsv.ens-cachan.fr/~jacquema TATA book

2.19k views • 200 slides
Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values, terms, ... Typing and operational semantics JVM Compiler Definition Proof Techniques Compilation and Bytecode Verification

643 views • 18 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Formal Verification of V2I aided Autonomous Driving Ishan Pardesi Dhruv Mahajan A hybrid

Formal Verification of V2I aided Autonomous Driving Ishan Pardesi Dhruv Mahajan A hybrid

Formal Verification of V2I aided Autonomous Driving Ishan Pardesi Dhruv Mahajan A hybrid systems approach 1 The problem Safety of Autonomous cars is paramount! It is important to invest in developing formal verification techniques to

819 views • 34 slides
Compiler Verification meets Cross-Language Linking via Data Abstraction Peng Wang,

Compiler Verification meets Cross-Language Linking via Data Abstraction Peng Wang,

Compiler Verification meets Cross-Language Linking via Data Abstraction Peng Wang, MIT CSAIL Santiago Cuellar, Princeton University Adam Chlipala, MIT CSAIL Verified Compiler Program Verification Techniques

706 views • 35 slides
Intraday Techniques Intraday Techniques Intraday Techniques Intraday Techniques Combining

Intraday Techniques Intraday Techniques Intraday Techniques Intraday Techniques Combining

Intraday Techniques Intraday Techniques Intraday Techniques Intraday Techniques Combining intraday signals with longer time frame support or resistance. 141 Daily chart for support (slide 1 of 2) June 14 We see a solid band of support

979 views • 20 slides
Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and

Verification &amp; Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&amp;V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification regulations Verification Code Extension (draft-gould-eppext-verificationcode) Purpose Separate verification details from registry interface

167 views • 6 slides

More recommend