16.2.2012 Software Verification 1 Deductive Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität und Fraunhofer Institut.


Software Verification 1 Deductive Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität und Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

Folie 2 H. Schlingloff, Software Verification I
Talk announcement
John Wickerson: Ribbon Proofs for Hoare Logic
Proofs in Hoare Logic are usually presented in the form of a "proof outline", in which the program code is interspersed with lots of assertions about the state. Large proof outlines are highly repetitive and can be very hard to read. This talk introduces a new diagrammatic presentation, called the "ribbon proof", which is far more scalable, flexible and human-intelligible than the proof outline.
Friday, , 10:00, Fraunhofer FIRST, 4th floor (register at clerk)

Folie 3
Concept
Language: we add the following new constructs to the language of while-programs:
{S1 || S2} or, more generally, {S1 || ... || Sn}
await (b) S;
Semantics:
parallel (interleaved) execution of the Si
blocking wait until the condition b is satisfied; the program fragment S within the await is noninterruptable
for simplicity, assignments are atomic actions

Folie 4
A realistic example
a=n; b=0; c=1;
{ while (a!=n-k) {c=c*a; a--;} || while (b!=k) {b++; await (a+b<=n); c=c/b;} }
The program calculates the binomial coefficient (n over k).

Folie 5
Invariants for Parallel Programs
Assume φ is a formula such that {φ} S {φ} for every subprogram S of {S1 || S2}. Then {φ} {S1 || S2} {φ}.
Example: a=0; l0: {a++; l1: || a--; l2:} l3:
Invariant: a == 0 + l1 - l2, where a label li counts as 1 if control of its thread has reached li and as 0 otherwise (or, more explicitly: (¬l1 ∧ ¬l2 → a==0) ∧ (l1 ∧ l2 → a==0) ∧ (l1 ∧ ¬l2 → a==1) ∧ (¬l1 ∧ l2 → a==-1)).
int n=0; { for (int i = 0; i<100; i++) n++; || for (int j = 0; j<100; j++) n--; }
Invariant: n = i - j

Folie 6
Problem with Invariant Method
Non-compositionality: in order to show {φ} {S1 || S2} {ψ}, it is not sufficient to show {φ} S1 {ψ} and {φ} S2 {ψ}.
Sequential composition rule (seq): if ⊢ {φ} S1 {χ} and ⊢ {χ} S2 {ψ}, then ⊢ {φ} {S1; S2} {ψ}.
Analogous rule for parallel composition? if ⊢ {φ1} S1 {ψ1} and ⊢ {φ2} S2 {ψ2}, then {φ1 ∧ φ2} {S1 || S2} {ψ1 ∧ ψ2}

Folie 7
Hoare-Rule for Parallel Programs
Susan Owicki, 1975: if ⊢ {φ1} S1 {ψ1} and ⊢ {φ2} S2 {ψ2}, then ⊢ {φ1 ∧ φ2} {S1 || S2} {ψ1 ∧ ψ2}, provided that the proofs of {φ1} S1 {ψ1} and {φ2} S2 {ψ2} are interference free.
Two proofs are interference-free if for any two Hoare triples {φa} Sa {ψa} in the proof of {φ1} S1 {ψ1} and {φb} Sb {ψb} in the proof of {φ2} S2 {ψ2} it holds that {φa ∧ φb} Sa {φb}.
Example: {x=0 ∨ x=2} x++ {x=1 ∨ x=3} interferes with {x=0} x+=2 {x=2}, but not with {x=0 ∨ x=1} x+=2 {x=2 ∨ x=3}.

Folie 8
Hoare-Owicki-Proof
{x==0 ∨ x==-1} x++ {x==1 ∨ x==0}
{x==0 ∨ x==1} x-- {x==-1 ∨ x==0}
Interference freedom:
{(x==0 ∨ x==-1) ∧ (x==0 ∨ x==1)} x++ {x==0 ∨ x==1}
{(x==0 ∨ x==1) ∧ (x==0 ∨ x==-1)} x-- {x==0 ∨ x==-1}
Therefore, {(x==0 ∨ x==-1) ∧ (x==0 ∨ x==1)} {x++ || x--} {(x==1 ∨ x==0) ∧ (x==-1 ∨ x==0)}, i.e. {x==0} {x++ || x--} {x==0}.
The proof does not work for {x==0} {h=x; h++; x=h; || h=x; h--; x=h;} {x==0}.
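To make the interference check of slides 7 and 8 mechanical, here is an added example (my code, not from the lecture) that enumerates a small, constructed range of values for the shared variable x, checks each local triple, checks the interference-freedom condition exactly as defined on slide 7, and derives the combined triple for {x++ || x--}:

```python
"""Added example (not from the lecture): a bounded checker for Owicki's interference-freedom
condition. Assertions are Python predicates over the single shared integer x, statements are
functions x -> x', and a triple {p} S {q} is checked by enumerating x over a constructed finite
range, which is enough for the concrete examples on slides 7 and 8."""

RANGE = range(-5, 6)  # constructed bound on x; covers every value the slide examples mention


def triple_holds(pre, stmt, post, values=RANGE):
    """{pre} stmt {post}: every state satisfying pre ends in a state satisfying post."""
    return all(post(stmt(x)) for x in values if pre(x))


def interference_free(proof1, proof2, values=RANGE):
    """Slide 7 condition, checked in both directions: for each triple {pa} Sa {qa} of one
    proof and each triple {pb} Sb {qb} of the other, {pa and pb} Sa {pb} must hold.
    A proof is a list of (pre, stmt, post) triples."""
    for own, other in ((proof1, proof2), (proof2, proof1)):
        for pre_a, stmt_a, _ in own:
            for pre_b, _, _ in other:
                if not triple_holds(lambda x: pre_a(x) and pre_b(x), stmt_a, pre_b, values):
                    return False
    return True


def parallel_rule(proof1, proof2, values=RANGE):
    """Owicki's rule: if every local triple holds and the proofs do not interfere, return
    (pre, post) for {S1 || S2} as the conjunctions of the local pre- and postconditions;
    otherwise return None."""
    if not all(triple_holds(p, s, q, values) for p, s, q in proof1 + proof2):
        return None
    if not interference_free(proof1, proof2, values):
        return None
    p1, q1, p2, q2 = proof1[0][0], proof1[-1][2], proof2[0][0], proof2[-1][2]
    return (lambda x: p1(x) and p2(x)), (lambda x: q1(x) and q2(x))


# Slide 8: {x==0 or x==-1} x++ {x==1 or x==0}  ||  {x==0 or x==1} x-- {x==-1 or x==0}
INC = [(lambda x: x in (0, -1), lambda x: x + 1, lambda x: x in (1, 0))]
DEC = [(lambda x: x in (0, 1), lambda x: x - 1, lambda x: x in (-1, 0))]

# Slide 7: {x=0 or x=2} x++ {x=1 or x=3} against {x=0} x+=2 {x=2} and {x=0 or x=1} x+=2 {x=2 or x=3}
INC_ALT = [(lambda x: x in (0, 2), lambda x: x + 1, lambda x: x in (1, 3))]
ADD2_NARROW = [(lambda x: x == 0, lambda x: x + 2, lambda x: x == 2)]
ADD2_WIDE = [(lambda x: x in (0, 1), lambda x: x + 2, lambda x: x in (2, 3))]
```

The combined pre- and postcondition returned for INC and DEC both hold for x==0 only, which is the {x==0} {x++ || x--} {x==0} conclusion of the slide.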

Folie 9
Proof (sketch) of example program
a=n; b=0; c=1; // calculate n over k
{ while (a!=n-k) {c=c*a; a--;} || while (b!=k) {b++; await (a+b<=n); c=c/b;} }
Idea: at the await it holds that c = (n*(n-1)*...*(n-j+1)) / (1*2*...*(i-1)), a = n-j, b = i.
If a+b<=n, then i<=j. In this case, c is divisible by j:
n is divisible by 1
n*(n-1) is divisible by 2
n*(n-1)*(n-2) is divisible by 2 and 3
n*(n-1)*(n-2)*(n-3) is divisible by 1*2*3*
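As an added example (my code, not from the lecture), the following explorer enumerates every interleaving of the binomial program from slides 4 and 9 under the stated semantics (atomic assignments, blocking await), checks that c is divisible by b right after each await, and also runs the slide-8 variant with a local copy h to show which final values of x it can reach; encoding each thread as a step function over a program counter is my construction:

```python
# Added example (not from the lecture): exhaustive interleaving explorer for the slides'
# await-programs. A thread is step(pc, state) -> (pc', state') for one atomic action,
# or None when blocked at an await; pc' None means the thread has terminated.

def explore(threads, init):
    """DFS over all reachable (program counters, state) pairs; returns that set and the deadlocks."""
    seen, stack, deadlocks = set(), [((0,) * len(threads), init)], set()
    while stack:
        pcs, s = stack.pop()
        if (pcs, s) in seen: continue
        seen.add((pcs, s))
        succ = [(i, step(pcs[i], s)) for i, step in enumerate(threads) if pcs[i] is not None]
        succ = [(i, r) for i, r in succ if r is not None]  # drop threads blocked at an await
        for i, (pc, t) in succ:
            stack.append((pcs[:i] + (pc,) + pcs[i + 1:], t))
        if not succ and any(pc is not None for pc in pcs):  # nobody can move, not all done
            deadlocks.add(s)
    return seen, deadlocks

def binomial_threads(n, k):  # slide 4 program over the shared state (a, b, c)
    def t1(pc, s):  # while (a != n-k) { c=c*a; a--; }
        a, b, c = s
        if pc == 0:
            return (1, s) if a != n - k else (None, s)
        return (2, (a, b, c * a)) if pc == 1 else (0, (a - 1, b, c))
    def t2(pc, s):  # while (b != k) { b++; await (a+b<=n); c=c/b; }
        a, b, c = s
        if pc == 0:
            return (1, s) if b != k else (None, s)
        if pc == 2:  # await: None means blocked until a+b<=n holds
            return (3, s) if a + b <= n else None
        return (2, (a, b + 1, c)) if pc == 1 else (0, (a, b, c // b))  # b++ / c=c/b
    return [t1, t2]

def run_binomial(n, k):
    """Check the slide-9 claim (c divisible by b right after the await) in every reachable
    state; return (set of final c values, number of deadlocked states)."""
    seen, deadlocks = explore(binomial_threads(n, k), (n, 0, 1))
    assert all(c % b == 0 for (_, pc2), (_, b, c) in seen if pc2 == 3), "await claim broken"
    return {c for pcs, (_, _, c) in seen if pcs == (None, None)}, len(deadlocks)

def race_outcomes():
    """Slide 8 variant {h=x; h++; x=h; || h=x; h--; x=h;} from x==0, state (x, h1, h2)."""
    def inc(pc, s):
        x, h1, h2 = s
        return [(1, (x, x, h2)), (2, (x, h1 + 1, h2)), (None, (h1, h1, h2))][pc]
    def dec(pc, s):
        x, h1, h2 = s
        return [(1, (x, h1, x)), (2, (x, h1, h2 - 1)), (None, (h2, h1, h2))][pc]
    return {x for pcs, (x, _, _) in explore([inc, dec], (0, 0, 0))[0] if pcs == (None, None)}
```

Every interleaving of the binomial program ends with c equal to the binomial coefficient and none deadlocks, while the non-atomic x++ || x-- variant can end with x in {-1, 0, 1}, which is why no proof outline for {x==0} ... {x==0} can exist for it.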

Folie 10
Further Properties of Parallel Programs
Termination: as in the sequential case
Fairness: b=1; {b=0; || while(b) skip}
Mutual exclusion: always not both in c1 and c2
{while (1) {await(b) b=0; c1; b=1; nc1;} || while(1) {await(b) b=0; c2; b=1; nc2;}}
generalized: reader-writer problem
Deadlock freedom, livelock freedom
Two main classes of properties:
safety: all reachable states satisfy some invariant - "something bad never happens"
liveness: eventual reachability of states - "something good eventually happens"

Folie 11
Outlook: Software Verification 2, Automated Verification: modeling, model checking, abstract interpretation, abstraction refinement, test generation