Victor Kuliamin Institute for System Programming Russian Academy of Sciences Moscow.


2/34 SYRCoSE 2009, May 28
- Growth of software complexity
- Degradation of software quality
(Chart: bugs per 1000 LOC)

3/34
Checking consistency between different development artifacts, relevant standards, and between them all and real system operation.
(Diagram: Requirements, Design, Source Code, System Operation, Development Processes, Standards and Rules)

4/34
- Review (inspection)
- Static analysis
  - Correctness rules checking
  - Bug search
- Dynamic analysis
  - Monitoring
  - Testing
- Formal methods
  - Theorem proving
  - Model checking

5/34
- Static analysis
- Dynamic analysis
(Diagram: static analysis – an Analysis Tool consumes Requirements & Rules and Source Code; dynamic analysis – a Monitoring Environment observes System Operation against Requirements & Rules, driven by Users or by Test Generation)

6/34
- Theorem proving [R. Floyd 1967, C. A. R. Hoare 1969]
  - Hoare logic – {Pre} Program {Post}
  - Inference rules
- Model checking [E. M. Clarke & E. A. Emerson 1980, J. P. Queille & J. Sifakis 1982]
  - Analysis of reachable states

7/34
- Model based testing
- Extended static analysis
- Runtime verification
- Compound structured testing
- Auxiliary
  - Symbolic execution
  - Abstract interpretation
  - Constraint inference
  - Constraint resolution
(Diagram: Formal models, Testing, Static analysis, Monitoring)

8/34
[J. C. King, L. A. Clark 1976]

if (x > 0) { y := x+2; }
else if (x > -1) { y := x+1; }
else { y := x; }

Path conditions collected by symbolic execution:
[(x > 0) → (y = x+2)] & [(x ≤ 0 & x > -1) → (y = x+1)] & [(x ≤ -1) → (y = x)]
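Added example (not from the slides): a tiny symbolic executor for the three-branch program above. It enumerates every path, builds the path condition as the conjunction of branch outcomes together with the symbolic value of y on that path, and checks feasibility with a brute-force search over small integers, which here stands in for the SMT call a real tool would make. The program is transcribed into Python syntax; everything else is assumed for the example.

```python
# Added example, not from the slides: a tiny symbolic executor for the
# three-branch program on the slide. It enumerates every path, builds the
# path condition (conjunction of branch outcomes) and the symbolic value of
# y on that path, and checks each path's feasibility with a brute-force
# search over small integers standing in for the SMT call a real tool makes.
import ast
from dataclasses import dataclass

# The program under analysis, transcribed from the slide into Python.
PROGRAM = """
if x > 0:
    y = x + 2
elif x > -1:
    y = x + 1
else:
    y = x
"""


@dataclass
class Path:
    conds: list  # path condition: list of predicate source strings
    env: dict    # symbolic value (source string) of each assigned variable


def _subst(expr_src, env):
    """Replace variables that have a symbolic value by that value."""
    class Sub(ast.NodeTransformer):
        def visit_Name(self, node):
            if node.id in env:
                return ast.parse(env[node.id], mode="eval").body
            return node
    return ast.unparse(Sub().visit(ast.parse(expr_src, mode="eval")))


def sym_exec(stmts, path):
    """Yield every completed Path through the statement list `stmts`."""
    if not stmts:
        yield path
        return
    stmt, rest = stmts[0], stmts[1:]
    if isinstance(stmt, ast.Assign):
        env = dict(path.env)
        env[stmt.targets[0].id] = _subst(ast.unparse(stmt.value), path.env)
        yield from sym_exec(rest, Path(path.conds, env))
    elif isinstance(stmt, ast.If):
        cond = _subst(ast.unparse(stmt.test), path.env)
        # Fork: one path takes the branch, the other its negation.
        # (`elif` is parsed as a nested If in orelse, so it is handled here.)
        yield from sym_exec(stmt.body + rest, Path(path.conds + [cond], path.env))
        yield from sym_exec(stmt.orelse + rest,
                            Path(path.conds + [f"not ({cond})"], path.env))
    else:
        raise NotImplementedError(type(stmt).__name__)


def explore(program_src):
    """Return [(path condition, symbolic y)] for every path of the program."""
    paths = sym_exec(ast.parse(program_src).body, Path([], {}))
    return [(" and ".join(p.conds), p.env["y"]) for p in paths]


def solve(cond, lo=-5, hi=5):
    """Brute-force stand-in for a solver: an integer x satisfying cond, or None."""
    for x in range(lo, hi + 1):
        if eval(cond, {}, {"x": x}):
            return x
    return None


def consistent_with_concrete(program_src, lo=-5, hi=5):
    """Sanity check: for every concrete x exactly one path condition holds and
    that path's symbolic y evaluates to the y the real program computes."""
    paths = explore(program_src)
    for x in range(lo, hi + 1):
        ns = {"x": x}
        exec(program_src, {}, ns)
        hits = [y_sym for cond, y_sym in paths if eval(cond, {}, {"x": x})]
        if len(hits) != 1 or eval(hits[0], {}, {"x": x}) != ns["y"]:
            return False
    return True


if __name__ == "__main__":
    for cond, y_sym in explore(PROGRAM):
        print(f"[{cond}] -> y = {y_sym}   witness x = {solve(cond)}")
```

The three path conditions printed are exactly the three implications on the slide; the witness for the middle path is x = 0, the only integer with x ≤ 0 and x > -1.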

9/34
[P. Cousot & R. Cousot 1977]
- Abstract Domains
  - Octagons: ±x ± y ≤ a
  - Polyhedra
  - Heap structures
  - Bit vectors
  - ...
Concrete loop and its abstraction:
while ((x == 0) && (2*f(x) <= z + g(y/2.5))) { ... x++; } ...
while (B) { ... B = false; } ...

10/34
- Daikon (1999, MIT, M. D. Ernst): =, ≠, <, ≤, ax + by + cz + d = 0, x = y², x % y = 0, set relations, A ∩ B = ∅, subsequence, no duplicates, reverse
- Houdini (2001, Flanagan, Leino)
- DIDUCE (2002, Stanford University)
- Agitator (2003, Agitar)
- DySy (2007, Tillmann, Csallner, Smaragdakis)
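Added example (not from the slides and not Daikon's code): a miniature Daikon-style invariant detector. The templates named on the slide (=, ≠, <, ≤, x = y², x % y = 0 and a linear relation, here in the two-variable form v = a·u + b) are instantiated over every pair of traced variables; each candidate is dropped as soon as one sample violates it, and the survivors are reported. The trace is constructed for the example.

```python
# Added example, not from the slides: a miniature Daikon-style invariant
# detector. The templates on the slide (=, ≠, <, ≤, x = y², x % y = 0 and a
# linear relation) are instantiated over every pair of traced variables, and a
# candidate is dropped as soon as one sample violates it. The trace is
# constructed for this example.
from fractions import Fraction
from itertools import combinations, permutations

# Constructed trace: values of x, y, z observed at one program point
# (x is y squared, z is 2*y + 1).
TRACE = [
    {"x": 1, "y": 1, "z": 3},
    {"x": 4, "y": 2, "z": 5},
    {"x": 9, "y": 3, "z": 7},
    {"x": 16, "y": 4, "z": 9},
]


def fit_linear(u, v, trace):
    """Fit v = a*u + b on the first two samples with distinct u (exact rationals)."""
    pts = []
    for s in trace:
        if all(Fraction(s[u]) != p[0] for p in pts):
            pts.append((Fraction(s[u]), Fraction(s[v])))
        if len(pts) == 2:
            break
    if len(pts) < 2:
        return None
    (u1, v1), (u2, v2) = pts
    a = (v2 - v1) / (u2 - u1)
    return a, v1 - a * u1


def candidates(var_names, trace):
    """Instantiate the templates: list of (description, predicate over a sample)."""
    cands = []
    for u, v in combinations(var_names, 2):  # symmetric relations
        cands.append((f"{u} == {v}", lambda s, u=u, v=v: s[u] == s[v]))
        cands.append((f"{u} != {v}", lambda s, u=u, v=v: s[u] != s[v]))
    for u, v in permutations(var_names, 2):  # ordered relations
        cands.append((f"{u} < {v}", lambda s, u=u, v=v: s[u] < s[v]))
        cands.append((f"{u} <= {v}", lambda s, u=u, v=v: s[u] <= s[v]))
        cands.append((f"{u} == {v}**2", lambda s, u=u, v=v: s[u] == s[v] ** 2))
        cands.append((f"{u} % {v} == 0",
                      lambda s, u=u, v=v: s[v] != 0 and s[u] % s[v] == 0))
        # Linear template: fit the coefficients on the first samples, then
        # treat the fitted equation as an ordinary candidate to be confirmed.
        fit = fit_linear(u, v, trace)
        if fit is not None:
            a, b = fit
            cands.append((f"{v} == {a}*{u} + {b}",
                          lambda s, u=u, v=v, a=a, b=b: Fraction(s[v]) == a * s[u] + b))
    return cands


def infer(trace):
    """Return the descriptions of all candidates that hold on every sample."""
    var_names = sorted(trace[0])
    survivors = [d for d, holds in candidates(var_names, trace)
                 if all(holds(s) for s in trace)]
    # Daikon-style suppression: 'u <= v' is implied by 'u < v', so drop it.
    implied = {d.replace(" < ", " <= ") for d in survivors if " < " in d}
    return [d for d in survivors if d not in implied]


if __name__ == "__main__":
    for inv in infer(TRACE):
        print(inv)
```

Adding one more sample that breaks the linear relation (for instance x = 25, y = 5, z = 12) kills both fitted forms of it while x = y² survives, which is the whole mechanism: invariants are never proved, only not yet refuted by the trace.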

11/34
SAT solvers – DPLL algorithm, 1962
SMT solvers – Satisfiability Modulo Theories
- CVC (2002, Stanford, D. L. Dill, C. W. Barrett, A. Stump)
- Yices (2005, SRI International, B. Dutertre, L. de Moura)
- Z3 (2006, Microsoft Research, L. de Moura, N. S. Bjørner)
SMT-LIB

12/34
- Model based testing
- Extended static analysis
- Runtime verification
- Compound structured testing

13/34
(Diagram: state model and oracle, state model, system under test, behavior model, test action generator; adequacy metric and adequacy criteria with coverage values 12%, 36%, 57%, 87%)
FSM-based testing [F. C. Hennie 1964, M. P. Wasilevsky 1973]

14/34
- Automata (FSM, LTS, ASM)
  - TGV (1997, INRIA, T. Jéron et al.)
  - TorX (1999, University of Twente, J. Tretmans et al.)
  - Gotcha-TCBeans (1999, IBM Research, A. Hartman et al.)
- Automata + Software Contracts
  - UniTESK (2000, ISP RAS, A. Petrenko et al.)
  - SpecExplorer (2004, Microsoft Research, W. Schulte et al.) + symbolic execution

15/34
- ModelJUnit (2004, Waikato University, M. Utting et al.)
- NModel (2007, Univ. of Washington, Microsoft Research, J. Jacky, M. Veanes et al.)

16/34
// NModel model program from the slide, reformatted. The using directives
// and the Socket and Phase enums are not on the slide; they are reconstructed
// here from the values the code uses so that the fragment compiles.
using NModel;
using NModel.Attributes;

namespace ClientServer {
  public enum Socket { None, Created, Bound, Listening, Connecting, Connected, Closed }
  public enum Phase { Send, ServerReceive, ClientReceive }

  [Feature]
  public partial class Server {
    public static Socket serverSocket = Socket.None;
    public static Phase phase = Phase.Send;

    // NModel convention: <Name>Enabled() is the guard of action <Name>
    public static bool ServerSocketEnabled() { return (serverSocket == Socket.None); }
    [Action]
    public static void ServerSocket() { serverSocket = Socket.Created; }

    public static bool ServerBindEnabled() { return (serverSocket == Socket.Created); }
    [Action]
    public static void ServerBind() { serverSocket = Socket.Bound; }

    public static bool ServerListenEnabled() { return (serverSocket == Socket.Bound); }
    [Action]
    public static void ServerListen() { serverSocket = Socket.Listening; }

    public static bool ServerAcceptEnabled() { return (serverSocket == Socket.Listening); }
    [Action]
    public static void ServerAccept() { serverSocket = Socket.Connected; }

    public static bool ServerReceiveEnabled() { return (serverSocket == Socket.Connected && phase == Phase.ServerReceive); }
    [Action]
    public static void ServerReceive() { phase = Phase.Send; }
  }
}

17/34
// continues namespace ClientServer from the previous slide
[Feature]
public partial class Client {
  public static Socket clientSocket = Socket.None;
  public static double clientBuffer = double.MaxValue;

  public static bool ClientSocketEnabled() { return (clientSocket == Socket.None); }
  [Action]
  public static void ClientSocket() { clientSocket = Socket.Created; }

  public static bool ClientConnectEnabled() { return (clientSocket == Socket.Created); }
  [Action]
  public static void ClientConnect() { clientSocket = Socket.Connecting; }

  public static bool ClientSendEnabled() { return (clientSocket == Socket.Connected); }
  // phase is declared in the Server feature, so it is qualified here
  [Action]
  public static void ClientSend() { Server.phase = Phase.ServerReceive; }

  public static bool ClientReceiveEnabled() { return (clientSocket == Socket.Connected); }
  [Action]
  public static double ClientReceive(double datum) { clientBuffer = datum; return datum; }

  public static bool ClientCloseEnabled() { return (clientSocket == Socket.Created || clientSocket == Socket.Connected); }
  [Action]
  public static void ClientClose() { clientSocket = Socket.Closed; }
}

18/34
// composition: the Server feature's view of the client actions
[Feature]
public partial class Server {
  public static bool ClientConnectEnabled() { return (serverSocket == Socket.Listening); }

  public static bool ClientSendEnabled() { return (phase == Phase.Send); }
  [Action]
  public static void ClientSend() { phase = Phase.ServerReceive; }

  public static bool ClientReceiveEnabled() { return (phase == Phase.ClientReceive); }
  [Action]
  public static void ClientReceive() { phase = Phase.Send; }
}

// a feature that restricts the ClientReceive parameter to a finite domain
[Feature]
class Values2 {
  readonly static Set<double> Values = new Set<double>(99.9, 100.0);
  [Action]
  static void ClientReceive([Domain("Values")] double datum) {}
}

19/34
// the Client feature's view of the server's accept action
[Feature]
public partial class Client {
  public static bool ServerAcceptEnabled() { return (clientSocket == Socket.Connecting); }
  [Action]
  public static void ServerAccept() { clientSocket = Socket.Connected; }
}
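Added example (not from the slides and not NModel code): a Python restatement of the composed client/server model program from slides 16–19 and the kind of exploration NModel performs on it. Each action's guard is the conjunction of the <Action>Enabled() methods the features define for it and its update merges the feature bodies; the state is (serverSocket, clientSocket, phase, clientBuffer). A breadth-first search enumerates the reachable states and transitions, which is the graph the state-diagram slides draw, and the shortest action sequence that reaches a given action is a test case. With the Server feature as transcribed (ServerReceive sets phase back to Send), no reachable state has phase == ClientReceive, so the explorer reports both ClientReceive actions as never enabled.

```python
# Added example, not from the slides or from NModel: the composed client/server
# model program restated in Python and explored breadth-first.
from collections import deque
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class State:
    server: str = "None"          # Server.serverSocket
    client: str = "None"          # Client.clientSocket
    phase: str = "Send"           # Server.phase
    buffer: float = float("inf")  # Client.clientBuffer (double.MaxValue)


# action name -> (guard, update); guards and updates transcribed from the
# slides, with the features' contributions to one action combined.
ACTIONS = {
    "ServerSocket": (lambda s: s.server == "None",
                     lambda s: replace(s, server="Created")),
    "ServerBind": (lambda s: s.server == "Created",
                   lambda s: replace(s, server="Bound")),
    "ServerListen": (lambda s: s.server == "Bound",
                     lambda s: replace(s, server="Listening")),
    "ClientSocket": (lambda s: s.client == "None",
                     lambda s: replace(s, client="Created")),
    # ClientConnect: Client guard (Created) AND Server guard (Listening)
    "ClientConnect": (lambda s: s.client == "Created" and s.server == "Listening",
                      lambda s: replace(s, client="Connecting")),
    # ServerAccept: both features contribute a guard and an update
    "ServerAccept": (lambda s: s.server == "Listening" and s.client == "Connecting",
                     lambda s: replace(s, server="Connected", client="Connected")),
    "ClientSend": (lambda s: s.client == "Connected" and s.phase == "Send",
                   lambda s: replace(s, phase="ServerReceive")),
    "ServerReceive": (lambda s: s.server == "Connected" and s.phase == "ServerReceive",
                      lambda s: replace(s, phase="Send")),
    "ClientClose": (lambda s: s.client in ("Created", "Connected"),
                    lambda s: replace(s, client="Closed")),
}
# ClientReceive(datum) with datum drawn from the Values2 domain {99.9, 100.0}
for datum in (99.9, 100.0):
    ACTIONS[f"ClientReceive({datum})"] = (
        lambda s: s.client == "Connected" and s.phase == "ClientReceive",
        lambda s, d=datum: replace(s, buffer=d, phase="Send"))


def explore(init=State()):
    """BFS over the model program: returns (reachable states, transitions)."""
    seen, queue, transitions = {init}, deque([init]), []
    while queue:
        s = queue.popleft()
        for name, (enabled, update) in ACTIONS.items():
            if enabled(s):
                t = update(s)
                transitions.append((s, name, t))
                if t not in seen:
                    seen.add(t)
                    queue.append(t)
    return seen, transitions


def never_enabled(init=State()):
    """Actions that no reachable state enables (dead parts of the model)."""
    _, transitions = explore(init)
    return sorted(set(ACTIONS) - {name for _, name, _ in transitions})


def shortest_test(action, init=State()):
    """Shortest action sequence from init ending in `action`, i.e. a test
    case that reaches that action; None if it is unreachable."""
    seen, queue = {init}, deque([(init, [])])
    while queue:
        s, path = queue.popleft()
        for name, (enabled, update) in ACTIONS.items():
            if not enabled(s):
                continue
            if name == action:
                return path + [name]
            t = update(s)
            if t not in seen:
                seen.add(t)
                queue.append((t, path + [name]))
    return None


if __name__ == "__main__":
    states, transitions = explore()
    print(len(states), "states,", len(transitions), "transitions")
    print("never enabled:", never_enabled())
    print("test for ClientSend:", shortest_test("ClientSend"))
```

The explorer finds 17 reachable states; the shortest test reaching ClientSend is seven actions long (the three server setup steps, ClientSocket, ClientConnect, ServerAccept, ClientSend in one of the valid interleavings).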

20/34
(Diagram: Server model state machine)

21/34
(Diagram slide)

22/34
[G. Nelson & J. B. Saxe et al. 1991]
- Search for bugs
- Sound analysis
(Diagram: Requirements & Rules, Source Code, Behavior model → Analysis Tool → Provers, Solvers, Model Checkers)

23/34
- ESC/Modula-3 (1995, DEC, G. Nelson, J. B. Saxe, K. R. M. Leino, D. Detlefs)
- ESC/Java (2000, Compaq, K. R. M. Leino, C. Flanagan)
- ASTREE (2002, CNRS, P. Cousot)
- ESC/Java → Simplify
- Spec# Checker (2004, Microsoft Research, K. R. M. Leino) → Boogie
- Calysto (2008, University of British Columbia)

24/34
- Boolean satisfiability (SAT): (x1 ∨ ¬x2) ∧ (¬x1 ∨ x3)
- Linear integer arithmetics: x1 < x
- Floating-point arithmetics: x1 · x2 = 2.5
- Polyhedra: 0.2x1 + 3x3 > x2 – 3.7x4
- Ellipsoids: 2x1² + x2² ≤ 76.9
- Heap structures: x1→p→p ≠ x2→p
- ...

25/34
Counterexample guided abstraction refinement (CEGAR) [E. M. Clarke & O. Grumberg et al. 2000, T. Ball & S. K. Rajamani 2000]

Concrete loop:
do {
  nPacketsOld = nPackets;
  ...
  if (request) { ... nPackets++; }
} while (nPackets != nPacketsOld);

Boolean program over the predicate b ≡ (nPackets == nPacketsOld):
do {
  b = true;
  ...
  if (request) { ... b = b ? false : *; }
} while (!b);
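Added example (not from the slides): deriving the Boolean program above from the concrete loop by predicate abstraction over the single predicate p ≡ (nPackets == nPacketsOld), then running the abstract loop body. The abstract effect of a statement is computed existentially: for every concrete state in a small integer range (a stand-in for the theorem-prover queries a tool such as SLAM issues) the value of p before and the values of p possible after are recorded; when both outcomes occur the Boolean program gets the nondeterministic `*`. The value range and the rendering syntax are assumptions of the example.

```python
# Added example, not from the slides: predicate abstraction of the concrete
# loop with the predicate p ≡ (nPackets == nPacketsOld), computed by
# enumerating concrete states in a small range.
from itertools import product


def p(n, n_old):
    """The abstraction predicate."""
    return n == n_old


def abstract_transformer(stmt, lo=0, hi=4):
    """stmt maps (nPackets, nPacketsOld) to the state after the statement.
    Returns {p_before: set of possible p_after} (existential abstraction)."""
    table = {True: set(), False: set()}
    for n, n_old in product(range(lo, hi + 1), repeat=2):
        n2, old2 = stmt(n, n_old)
        table[p(n, n_old)].add(p(n2, old2))
    return table


def assign_old(n, n_old):   # nPacketsOld = nPackets;
    return n, n


def increment(n, n_old):    # nPackets++;
    return n + 1, n_old


def render(table):
    """Write a transformer table in the Boolean-program syntax of the slide."""
    def lit(outcomes):
        if outcomes == {True}:
            return "true"
        if outcomes == {False}:
            return "false"
        return "*"            # both outcomes possible: nondeterministic choice
    t, f = lit(table[True]), lit(table[False])
    return f"b = {t}" if t == f else f"b = b ? {t} : {f}"


def iteration_outcomes(request):
    """Possible values of b at the end of one abstract loop iteration
    (`do { b = true; if (request) b = ...; } while (!b)`), starting from
    either value of b. The loop can exit only if True is among them."""
    t_assign = abstract_transformer(assign_old)
    t_inc = abstract_transformer(increment)
    outcomes = set()
    for b0 in (True, False):
        for b1 in t_assign[b0]:
            outcomes |= t_inc[b1] if request else {b1}
    return outcomes


if __name__ == "__main__":
    print("nPacketsOld = nPackets  -->", render(abstract_transformer(assign_old)))
    print("nPackets++              -->", render(abstract_transformer(increment)))
    print("end of iteration, request=true :", iteration_outcomes(True))
    print("end of iteration, request=false:", iteration_outcomes(False))
```

The two rendered lines are exactly `b = true` and `b = b ? false : *` from the slide. Inside one iteration b has just been set to true when the increment runs, so only the `false` arm is ever taken and the abstraction is precise for this loop: it exits exactly in an iteration that processed no request, matching the concrete exit condition nPackets == nPacketsOld.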

26/34
(Diagram of the CEGAR loop: Code under check + Correctness Rules → Behavior Model → Model Checking → Counterexample → Test Data and Scenario → Approval (Bug!) or Refutation → Model Refinement → Behavior Model)

27/34
- SLAM (2001, Microsoft Research, T. Ball, S. K. Rajamani et al.)
  - Static Driver Verifier (2007, Microsoft)
- BLAST (2003, UC Berkeley, T. A. Henzinger, R. Jhala, R. Majumdar, G. Sutre)
- MAGIC (2003, SCS Carnegie Mellon, E. M. Clarke, S. Chaki et al.)

28/34
[K. Havelund & W. Visser 1999]
- Java Path Finder + symbolic execution + test generation
(Diagram: System under check, Behavior model, Monitoring Environment, State model and oracle)

29/34
[???]
- Targeting to cover various paths in source/byte code
- Test oracle
  - No exceptions: NullPointer, IndexOutOfBounds, ClassCast, DivideByZero, IllegalArgument
  - Annotations and formal models
- Test data and sequences generation
  - Random
  - Symbolic execution + constraint resolution
  - State abstraction
  - Heuristic search

30/34
[Y. Smaragdakis, C. Csallner]
- JCrasher (2004)
- Check-n-Crash (2005)
- DSD-Crasher
(Diagram: Daikon → ESC/Java 2 → solver)

31/34
[P. Godefroid, G. Agha, K. Sen 2005]
- CUTE (2005): concolic testing (concrete + symbolic)
- jCUTE
(Diagram: Program → Execution → Symbolic Execution → Looking for new paths → Tests)

32/34
- SAGE (2007)
- Pex (2007, N. Tillmann, W. Schulte, J. de Halleux)
(Illustration: hex dumps of SAGE-generated inputs, mostly lost in extraction. Generation 0 – initial input – 100 bytes of "00"; later generations successively add the RIFF header and the strh, vids and strf chunks; Generation 10 – bug ID! Found after only 3 generations starting from a "well-formed" seed file.)

33/34
- EXE (2005, Stanford Univ., D. Dill, D. Engler et al.)
- Randoop (2007, MIT + MS Research, T. Ball, M. D. Ernst, C. Pacheco, S. Lahiri)
- ...

34/34
- Modern verification tools
  - Use basic services of component technologies
  - Integrate a lot of techniques
  - Become highly modular
  - Can be modules of each other
- Next step – integration frameworks?
  - Java PathFinder
  - Bogor
  - Microsoft RiSE