HCSSAS Capabilities and Limitations of Static Error Detection in Software for Critical Systems S. Tucker Taft CTO, SofCheck, Inc., Burlington, MA, USA.


© 2006 SofCheck, Inc. S. Tucker Taft, 2
Outline
• Advanced Static Analysis for Correctness and Security Checking
• Formal Proof
• Model Checking
• Flow Analysis, Abstract Interpretation, Symbolic Execution
• Future Challenges and Directions

Advanced Static Analysis
• Correctness and Security Checking
  - Not just “style” checking
• Application-specific: Correctness and Security relative to formal specification of application
  - or
• Application-independent: Correctness / Meaningfulness / Run-Time-Failure-Free-ness / Security relative to language specification
• Discovery of Properties?

Formal Proof
• Traditionally seen as proving (partial or total) correctness relative to formal application specification
• Generally not fully automated; can get “stuck” on loops and recursion, needing human intervention to suggest invariants
  - Progress is being made on achieving lights-out proof systems
• Reputation for only being able to handle small systems
  - Some > 100 KLOC systems have now been “proved” correct
• Hoare Verification Grand Challenge
  - Push the envelope on automated formal verification
• Formal proof systems can be used to prove application-independent properties
  - Freedom from run-time exceptions

Model Checking
• Derived from work on hardware verification
• Examines entire state space to verify predicate
• Requires significant approximations to handle enormous software state space
  - E.g. transform into Boolean program
• Can have challenges in finding multiple kinds of errors in a single analysis
• Can be used effectively on design-level model of system

Flow Analysis
• Many names
  - Control and Data Flow Analysis
  - Abstract Interpretation
  - Symbolic Execution
• Strong heritage in optimizing compiler technology
  - Alias Analysis
  - Static Single Assignment
  - Value and Range Propagation
  - Scalable Interprocedural Analysis
  - Iterative algorithms to achieve fix point
• Necessary and appropriate approximations
• Sound or unsound (false positives vs. false negatives)
• Flexibility allows orientation toward discovery of properties, e.g.:
  - Discover preconditions of algorithms as-built that ensure no run-time failures
  - Discover maximum stack or heap usage

Future Challenges and Directions
• False Negatives and False Positives
  - Too many of either makes diagnostic test useless
  - Fighting against the Halting problem
  - Due to approximations and pragmatics
• Loops and recursion make approximations inevitable
• Example of Boring Positive: failures due to overflow of 32-bit counter
  - Of course it depends on anticipated lifetime of individual invocation of system
  - Think Y2K
• Incremental analysis
  - Handle larger, evolving systems in “developer” time
  - Provide what-if analysis
• Systems of systems
  - Multiple programming languages
  - Extra-language communication mechanisms
• Static Timing and Performance Analysis
  - Automated identification of bottlenecks
  - Related to discovery of properties
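The Flow Analysis slide lists value and range propagation, iterative fix-point algorithms and the discovery of as-built preconditions, and the Future Challenges slide names the overflow of a 32-bit counter as the classic boring positive. The Python below is an added example, not SofCheck's or the speaker's code: a toy interval-domain range analysis with widening that flags the possible overflow of an unbounded counter loop, derives the iteration bound under which the counter is provably safe (a discovered precondition), and uses a declared system lifetime to decide whether the report is a boring positive or a real risk. `Interval`, `analyze_counter_loop`, `max_safe_iterations`, `overflow_report` and the one-tick-per-second uptime counter are all constructed for this example.

```python
"""Interval-domain range propagation over a counter loop, with widening and
a discovered iteration-count precondition (constructed example)."""
from dataclasses import dataclass
from math import inf

# 32-bit signed range that the "boring positive" overflow check is measured against
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1


@dataclass(frozen=True)
class Interval:
    """Abstract value: every concrete value of the variable lies in [lo, hi]."""
    lo: float  # integers in practice; -inf only after widening
    hi: float  # integers in practice; +inf only after widening

    def join(self, other):
        # Least upper bound: the smallest interval covering both inputs.
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def widen(self, other):
        # Standard interval widening: a bound that is still growing jumps to
        # infinity, so the fix-point iteration terminates (soundly, at a loss
        # of precision).
        lo = self.lo if other.lo >= self.lo else -inf
        hi = self.hi if other.hi <= self.hi else inf
        return Interval(lo, hi)

    def add(self, other):
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def mul(self, other):
        # Only called with finite bounds here (inf * 0 is undefined).
        products = [a * b for a in (self.lo, self.hi) for b in (other.lo, other.hi)]
        return Interval(min(products), max(products))

    def fits_int32(self):
        return INT32_MIN <= self.lo and self.hi <= INT32_MAX


def analyze_counter_loop(init, step, max_iters=None, widen_after=3):
    """Abstract value of `counter` after the loop

        counter = init
        repeat up to max_iters times: counter = counter + step

    A known iteration bound gives an exact interval in one step. With no
    bound (max_iters=None) the loop head is iterated to a fix point: each
    round joins the entry state with one more execution of the body, and
    after `widen_after` rounds widening forces convergence.
    """
    if max_iters is not None:
        return init.add(Interval(0, max_iters).mul(step))
    state = init
    for rounds in range(100):
        nxt = state.join(state.add(step))
        if nxt == state:  # fix point reached
            return state
        state = state.widen(nxt) if rounds >= widen_after else nxt
    raise RuntimeError("widening should have forced convergence")


def max_safe_iterations(init, step):
    """Discovered precondition: the largest iteration count for which the
    counter provably stays within int32. Assumes step.hi > 0 and finite bounds."""
    return (INT32_MAX - init.hi) // step.hi


def overflow_report(name, init, step, lifetime_iters=None):
    """Classify the loop the way a triager would: a possible overflow that the
    declared lifetime (in iterations) rules out is a 'boring positive'."""
    unbounded = analyze_counter_loop(init, step)
    if unbounded.fits_int32():
        return f"{name}: no overflow for any number of iterations"
    bound = max_safe_iterations(init, step)
    if lifetime_iters is None:
        return f"{name}: possible int32 overflow after {bound} iterations (lifetime unknown)"
    if lifetime_iters <= bound:
        return f"{name}: boring positive; overflow needs {bound} iterations, lifetime is {lifetime_iters}"
    return f"{name}: real overflow risk; lifetime {lifetime_iters} exceeds safe bound {bound}"


if __name__ == "__main__":
    second_ticks = Interval(1, 1)  # constructed: counter incremented once per second
    one_year = 365 * 86400
    print(overflow_report("uptime_s", Interval(0, 0), second_ticks))
    print(overflow_report("uptime_s", Interval(0, 0), second_ticks, 20 * one_year))
    print(overflow_report("uptime_s", Interval(0, 0), second_ticks, 100 * one_year))
    print(analyze_counter_loop(Interval(0, 0), second_ticks, 20 * one_year))
```

With no iteration bound the analysis widens the counter to [0, +inf) and reports a possible overflow; supplying the system's anticipated lifetime turns the same finding into a boring positive for a 20-year deployment of a once-per-second counter and a real risk for a 100-year one, which is exactly the lifetime dependence the slide points at. The safe bound of 2147483647 iterations is the precondition the tool "discovers" about the loop as built.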

11 Cypress Drive, Burlington, MA
Tucker Taft
+1 (781) x220