Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI Computer Science Lab, Menlo Park)

Stellenbosch?

(diagram: Automated Deduction and Software Engineering, overlapping at Verification)

Automated deduction uses computation to perform symbolic logical reasoning*
* [101] Shankar. Automated deduction for verification. ACM Computing Surveys.
Is a logical formula φ valid? Or is there a counter-example, in which case !φ is satisfiable?
φ valid iff !φ unsatisfiable

Is a logical formula φ satisfiable? Is there a Model that satisfies φ? Satisfiability checking procedures are the cornerstone of automated deduction

We tend to want to know about our code … Given that we have a specification of what is expected

(diagram: Program + Specification → Logic Formula φ → Automated Deduction Tool)

Logics vs. Techniques (axes: Expressiveness vs. Automation)
  First-order logic → Automated Theorem Proving
  Propositional logic → SAT Solvers
From around the early-to-mid 1990s SAT solvers improved dramatically

Program → Logic Formula φ → Satisfiability Modulo Theories (SMT) Solvers
Program features → Theories:
  Linear integers → Integer arithmetic
  Heaps → Arrays
  Machine integers → BitVectors
  Floating point → Floating point
  Strings → Strings
SMT solvers are fully automated satisfiability checkers: a perfect fit for solving Software Engineering problems

Verification
Full automation is not always possible:
  Formulas to prove can fall outside the decidable fragment
  Even if it can be proved, it might be too slow or require tricky invariants
Requires human interaction: Proof Environments

Too much manual effort: the seL4 microkernel verification took 20 man-years using Isabelle/HOL
Program Verifiers are more domain specific: they verify that the annotations in the code hold (Spec#, ESC/Java)

Model Checking: is M a model for φ?
  Explicit state
  Symbolic: BDDs ((Nu)SMV), SAT (CBMC)
  Predicate Abstraction with CEGAR: SLAM, BLAST

Symbolic Execution

```c
void test(int x, int y) {
  if (y == x*10) S0; else S1;
  if (x > 3 && y > 10) S2; else S3;
}
```

Symbolic execution tree (path condition in brackets, then the statement reached):
[ true ] test(X,Y)
  [ Y=X*10 ] S0
    [ X>3 & 10<Y=X*10 ] S2
    [ Y=X*10 & !(X>3 & Y>10) ] S3
  [ Y!=X*10 ] S1
    [ X>3 & 10<Y!=X*10 ] S2
    [ Y!=X*10 & !(X>3 & Y>10) ] S3
SMT solvers check the feasibility of each path condition; test cases are derived from the models

Concolic (Dynamic) SE

```c
void test(int x, int y) {
  if (y == x*10) S0; else S1;
  if (x > 3 && y > 10) S2; else S3;
}
```

Same tree, but driven by a concrete run, test(0,1):
[ true ] test(0,1)
  [ Y=X*10 ] S0
    [ X>3 & 10<Y=X*10 ] S2
    [ Y=X*10 & !(X>3 & Y>10) ] S3
  [ Y!=X*10 ] S1
    [ X>3 & 10<Y!=X*10 ] S2
    [ Y!=X*10 & !(X>3 & Y>10) ] S3
Pick random inputs
Collect the path condition (PC) during execution
Negate one of the conditions
If feasible, derive new inputs from the model:
  [ Y!=X*10 & (X>3 & Y>10) ] => test(4,11)

(Dynamic) Symbolic Execution is the poster child for the positive effect of AD in SE: an idea from the early 1970s that only sprang to life in the late 1990s, due to the advances in SAT/SMT solving

(diagram: Automated Deduction and Software Engineering, in the past and currently)

SE drivers for AD
  Heaps → Locally finite theories with limited quantification
  Data structures → Monadic 2nd Order Logic
  (Bounded) Software Model Checking → Horn Clauses
  Security → Strings
  Reliability and Information Flow → Model Counting (#SAT)

A yes/no answer is not good enough any more:
  Test case generation needs models
  High-integrity code needs certifiable proofs
  Fault localization and repair need unsatisfiable cores
  Reliability analysis needs the number of solutions

Informal Survey of SE Researchers: What would you like to see most from an Automated Deduction tool?
  Black-box with limited visibility of internals, or
  White-box that exposes the inner workings?
Want to know why, not just what

Lessons from Automated Deduction: Competitions/Benchmarking and Interoperability
  Automated Deduction: TPTP, DIMACS, SMT-LIB2; CASC (1996), SMT-COMP (2005)
  vs. Software Engineering: SATE (2008), SV-COMP and RERS (2012), SyGuS-COMP (2014)

Some New Trends in SE: Synthesis, Education
Sketching*:

```c
harness void doubleSketch(int x) {
  int t = x * ??;
  assert t == x + x;
}
```

* Learning to Code
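The sketch above leaves a hole `??` for the synthesizer to fill so that the assertion holds for every input. The block below is an added example (not code from the talk or from the Sketch system) of the counterexample-guided inductive synthesis loop that fills such holes: propose hole values consistent with the counterexamples seen so far, verify, and if verification fails add the failing input and try again. The hole domain 0..7 and the verification bound of ±16 are assumptions; a real implementation would pose both steps as SMT queries.

```python
"""CEGIS for the slide's doubleSketch and a second two-hole sketch.

Added example, not code from the talk or the Sketch tool. Hole domain and
verification bound are assumptions chosen to keep the search exhaustive.
"""
from itertools import product


def double_sketch(x, holes):
    """The slide's sketch: int t = x * ??; holes[0] is the value of ??."""
    return x * holes[0]


def double_spec(x, t):
    """The slide's assertion: t == x + x."""
    return t == x + x


def affine_sketch(x, holes):
    """A two-hole sketch (constructed): t = ?? * x + ??."""
    return holes[0] * x + holes[1]


def affine_spec(x, t):
    """Constructed specification for affine_sketch: t == 3*x + 1."""
    return t == 3 * x + 1


def verify(sketch, spec, holes, bound=16):
    """Stand-in for the verification query: return an input x in [-bound, bound]
    on which the filled-in sketch violates the spec, or None if none is found."""
    for x in range(-bound, bound + 1):
        if not spec(x, sketch(x, holes)):
            return x
    return None


def synthesize(sketch, spec, num_holes, hole_domain=range(0, 8), bound=16):
    """CEGIS loop: choose hole values consistent with all counterexamples
    collected so far, verify them, and on failure learn the new counterexample.
    Returns (holes, counterexamples); holes is None if the domain has no solution."""
    counterexamples = []
    while True:
        candidate = next(
            (h for h in product(hole_domain, repeat=num_holes)
             if all(spec(x, sketch(x, h)) for x in counterexamples)),
            None,
        )
        if candidate is None:
            return None, counterexamples
        cex = verify(sketch, spec, candidate, bound)
        if cex is None:
            return candidate, counterexamples
        counterexamples.append(cex)


if __name__ == "__main__":
    print(synthesize(double_sketch, double_spec, 1))   # ((2,), [-16])
    print(synthesize(affine_sketch, affine_spec, 2))   # ((3, 1), [-16])
```

For doubleSketch the first guess `?? = 0` is refuted by a single counterexample, after which the only consistent value is 2; the two-hole sketch is resolved by the same loop without any change to it.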

Some More Trends: Probabilistic Analysis, Reliability
Path conditions of test(x, y):
  [ X>3 & 10<Y=X*10 ]
  [ X>3 & 10<Y!=X*10 ]
  [ Y!=X*10 & !(X>3 & Y>10) ]
  [ Y=X*10 & !(X>3 & Y>10) ]
(figure: the (x, y) input space partitioned by the regions y=10x and x>3 & y>)
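This slide, and the earlier point that reliability analysis needs the number of solutions rather than a yes/no answer, both rest on counting the models of each path condition. The block below is an added example (not code from the talk) that does this for the slide's four path conditions over a bounded input domain, turning the counts into path probabilities under a uniform usage profile. Enumeration over the domain 0..99 stands in for a real model counter, and the uniform profile and the choice of which paths count as failures are assumptions.

```python
"""Path probabilities for the slide's test(x, y) via model counting.

Added example, not code from the talk. Counting is by exhaustive enumeration
over a small bounded domain (an assumption; real tools use #SAT or
lattice-point counting), and the usage profile is assumed uniform.
"""
from itertools import product

# The four path conditions from the symbolic execution tree of test(x, y),
# keyed by the statements the path reaches.
PATH_CONDITIONS = {
    "S0,S2": lambda x, y: y == x * 10 and (x > 3 and y > 10),
    "S0,S3": lambda x, y: y == x * 10 and not (x > 3 and y > 10),
    "S1,S2": lambda x, y: y != x * 10 and (x > 3 and y > 10),
    "S1,S3": lambda x, y: y != x * 10 and not (x > 3 and y > 10),
}


def count_models(pc, domain):
    """Number of (x, y) in domain x domain that satisfy the path condition."""
    return sum(1 for x, y in product(domain, repeat=2) if pc(x, y))


def path_probabilities(pcs, domain):
    """Probability of each path under a uniform profile over domain x domain.
    The counts must partition the domain; a mismatch means the path conditions
    are not mutually exclusive and exhaustive (a bug in the symbolic execution)."""
    total = len(domain) ** 2
    counts = {path: count_models(pc, domain) for path, pc in pcs.items()}
    if sum(counts.values()) != total:
        raise ValueError("path conditions do not partition the input domain")
    return {path: n / total for path, n in counts.items()}


def reliability(pcs, domain, failing_paths):
    """Reliability = 1 - probability of reaching a path the caller marks as failing
    (assumption: the set of failing paths is supplied, e.g. paths ending in an
    assertion violation)."""
    probs = path_probabilities(pcs, domain)
    return 1.0 - sum(probs[p] for p in failing_paths)


if __name__ == "__main__":
    for path, p in path_probabilities(PATH_CONDITIONS, range(100)).items():
        print(f"{path}: {p:.4f}")
    # Example: treat the two paths through S0 as failures.
    print("reliability:", reliability(PATH_CONDITIONS, range(100), ["S0,S2", "S0,S3"]))
```

Over 0..99 the equality y = 10x admits only 10 of the 10,000 inputs, which is why the paths through S0 are rare; the partition check in path_probabilities is the sanity test a practitioner would keep, since a symbolic executor that drops or duplicates a path condition silently skews every probability derived from it.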

(diagram: Automated Deduction and Software Engineering, in the past and currently)
Black-box with limited visibility of internals, or white-box that exposes the inner workings?
Want to know why, not just what