1 Combining verification and analysis. 2 CONCLUSIONS ON VERIFICATION  denotational abstract interpreters have the extra-value of being easily transformed.

Slides:

Advertisements

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Model Driven Generative Programming Reza Azimi February 6, 2003 ECE1770: Trends in Middleware Systems.

De necessariis pre condiciones consequentia sine machina P. Consobrinus, R. Consobrinus M. Aquilifer, F. Oratio.

Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.

1 A simple abstract interpreter to compute Sign s.

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.

Cs776 (Prasad)L4Poly1 Polymorphic Type System. cs776 (Prasad)L4Poly2 Goals Allow expression of “for all types T” fun I x = x I : ’a -> ’a Allow expression.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Tutorial on Widening (and Narrowing) Hongseok Yang Seoul National University.

ISBN Chapter 3 Describing Syntax and Semantics.

CS 355 – Programming Languages

Searching for Type-Error Messages Benjamin Lerner, Matthew Flower, Dan Grossman, Craig Chambers University of Washington.

Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

Software Testing and Quality Assurance

CSE115/ENGR160 Discrete Mathematics 04/12/11 Ming-Hsuan Yang UC Merced 1.

Catriel Beeri Pls/Winter 2004/5 inductive-revisited 1 Inductive definitions revisited  Generated and Freely generated sets oPattern match, unification.

A Type-Checked Restrict Qualifier Jeff Foster OSQ Retreat May 9-10, 2001.

Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.

1 Abstraction and Approximation via Abstract Interpretation: a systematic approach to program analysis and verification Giorgio Levi Dipartimento di Informatica,

Describing Syntax and Semantics

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

1 How to transform an abstract analyzer into an abstract verifier.

A Mystery Esterel –small no type inference, subtyping, … no recursion, functions, … no pointers, malloc, GC, … no complex data structures, libraries,

Introduction and Chapter 8 of Programming Languages by Ravi Sethi Elements of Functional Programming.

Regular Model Checking Ahmed Bouajjani,Benget Jonsson, Marcus Nillson and Tayssir Touili Moran Ben Tulila

1 The CeNTIE project is supported by the Australian Government through the Advanced Networks Program of the Department of Communications, Information Technology.

CS6133 Software Specification and Verification

ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.

CS 363 Comparative Programming Languages Semantics.

Quality Driven SystemC Design By Nasir Mahmood. Hybrid Approach The idea here is to combine the strengths of simulation – namely the ability to handle.

Type Safety Kangwon National University 임현승 Programming Languages.

Albert Gatt LIN3021 Formal Semantics Lecture 4. In this lecture Compositionality in Natural Langauge revisited: The role of types The typed lambda calculus.

Universidad Nacional de ColombiaUniversidad Nacional de Colombia Facultad de IngenieríaFacultad de Ingeniería Departamento de Sistemas- 2002Departamento.

Recursive Algorithms &

Program Analysis and Verification Spring 2014 Program Analysis and Verification Lecture 4: Axiomatic Semantics I Roman Manevich Ben-Gurion University.

Semantics In Text: Chapter 3.

1 Chapter 26 Cleanroom Software Engineering Cleanroom Developed in early 80’s by Harlan Mills Reported very good results –reliable, high-quality.

1 Model Checking of Robotic Control Systems Presenting: Sebastian Scherer Authors: Sebastian Scherer, Flavio Lerda, and Edmund M. Clarke.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

Properties as Processes : FORTE slide Properties as Processes: their Specification and Verification Joel Kelso and George Milne School of Computer.

Computer Science 112 Fundamentals of Programming II.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

A function is a rule f that associates with each element in a set A one and only one element in a set B. If f associates the element b with the element.

Complexity 24-1 Complexity Andrei Bulatov Interactive Proofs.

Relational String Verification Using Multi-track Automata.

Abstraction and Abstract Interpretation. Abstraction (a simplified view) Abstraction is an effective tool in verification Given a transition system, we.

1 Abstract interpretation Giorgio Levi Dipartimento di Informatica, Università di Pisa

Introduction: Computer programming

Formal methods: Lecture

Automating Induction for Solving Horn Clauses

Design and Analysis of Algorithms

Propositional Calculus: Boolean Algebra and Simplification

Mathematical Structures for Computer Science Chapter 1

Relatively Complete Refinement Type System for Verification of Higher-Order Non-deterministic Programs Hiroshi Unno (University of Tsukuba) Yuki Satake.

Lecture 5 Floyd-Hoare Style Verification

Over-Approximating Boolean Programs with Unbounded Thread Creation

Semantics In Text: Chapter 3.

Types and Type Checking (What is it good for?)

Formal Methods in software development

COP4020 Programming Languages

Presentation transcript:

1 Combining verification and analysis

2 CONCLUSIONS ON VERIFICATION  denotational abstract interpreters have the extra-value of being easily transformed into compositional verifiers  compositional verification is useful for debugging condition 2 F  P (S)  S is exactly the one used in abstract diagnosis to locate possible bugs, when not satisfied  verification can be combined with analysis (inference), when the program contains property specifications types in ML-like languages

3 COMBINING VERIFICATION AND ANALYSIS  the typing rule for recursion in ML H [f   ]  x.e   H   f. x.e   H type environment  monotype with variables the expected type  of the expression can be specified in ML and might be used by the inference algorithm H [f   ]  x.e   H   f. x.e :   the premise of the rule is exactly our condition 2

4 TYPING RULES AND TYPE CHECKING § the interesting case is the one of recursion § the typing rule in the Damas-Milner type system, where H is a type environment and  is a monotype with variables, H [f   ]  x.e   H   f. x.e   shows that  is a fixpoint of the functional associated to the recursive definition l the rule does not give hints on how to guess  for type inference l the rule can directly be used for type checking, if  occurs in the program, as a type specification l is this rule actually used by the ML’s type checking algorithm?

5 ML’s TYPE CHECKER DOES NOT USE THE RECURSION TYPING RULE H [f   ]  x.e   H   f. x.e:     a counterexample (example 2 with type specification) # let rec (f:('a -> 'a)->('a -> 'b)-> int -> 'a -> 'b) = function f1 -> function g -> function n -> function x -> if n=0 then g(x) else f(f1)(function x -> (function h -> g(h(x)))) (n-1) x f1;; This expression has type ('a -> 'a) -> 'b but is here used with type 'b l the specified type is indeed a fixpoint l suggests that type checking is performed as type inference + comparison (sufficient condition 1, early widening) l same behaviour with the mutual recursion example

6 COMBINING VERIFICATION AND ANALYSIS H [f   ]  x.e   H   f. x.e:    § verification of type specifications might help in type inference l if the specified type is satisfied, then it is the inferred type l more precise types without better fixpoint approximations (no fixpoint computation is involved in type checking) § we can use a weaker rule for type checking H [f   ]  x.e   H   f. x.e :   § the premise of the rule is exactly our condition 2

7 FROM TYPE SYSTEMS TO TYPE INFERENCE  type systems are very important to handle a large class of properties functional and object-oriented programming calculi for concurrency and mobility  the type system directly reflects the property we are interested in  typing rules are easy to understand  it is often hard to move from the typing rules to the type inference algorithm systematic techniques are needed abstract interpretation provides some of these techniques