Development of Symbolic Debuggers Based on Refinement Calculus
RK Shyamasundar, Rohit Kundaji
Tata Institute of Fundamental Research, Mumbai 400 005, India


Approach
– Based on a generalization of Translation Validation (TV), through our proof rule: Establish Refinement.
– In TV one verifies each run of the compiler rather than verifying the compiler itself.
– We use the Establish Refinement rule to arrive at semantic debuggers, in which the debugger does not permit invalid values to be propagated, i.e. values inconsistent with the optimizations/code generation deployed.
– Prototype realized in Prolog; extendable to complex debuggers.

Translation Validation (diagram): the HLL program L, with Semantics (L), is mapped by the Compiler (Code Gen) to the Object program A, with Semantics (A); Verification is done through a Semantic Mapping between the two.

Translation Validation
The notion of refinement forms the basis of correct translation: show the existence of a “Refinement Function” which maps each concrete state to a corresponding abstract state.
A system S is defined by the tuple ⟨V, O, Θ, Τ⟩, where
– V: Variables
– O: Observable Variables
– Θ: Initial Conditions
– Τ: Transition Relations

Proof Rule: Establish Refinement
Prove that the concrete code S_C implements the abstract code S_A:
– Establish a Control Abstraction κ: CP_C → 2^{CP_A}, mapping each value of the concrete control variable to one or more values of the abstract control variable.
– For each node p in the source, form invariants Φ^A_p and Φ^C_p.
– Establish a Data Abstraction Mapping α, which relates the variables in the concrete and abstract systems.

Establish Refinement (Contd.)
– For each pair of nodes i, j with a simple path between them, prove validity.
– The control abstraction and the data abstraction mapping together represent the “Refinement Function”, while the invariants ensure that this function is consistent throughout the program.

Our Approach
– Automation of translation validation.
– We use the refinement function discovered in the translation validation phase to map between the abstract and concrete states during symbolic debugging.
– Implementation: the refinement function is coded as Prolog rules; the mapping is achieved by queries.
– The invariants allow consistency checks when modifying source variable values: modifications of properties that have been the basis of optimizations in code generation are not allowed.

Example
Source:
L0: a = 0;
L1: if (a)
L5:   { c = (a+b) - (a+b)/4; }
    else
L3:   { c = (b-a) - (b-a)/4; }
L4:

Target:
l0: ra := 0;
l1: rd := rb >> 2;
l3: add c := rb - rd;
l4:

Table 1: A simple example (constant propagation, constant folding, unreachable code elimination, common subexpression elimination).

A Simple Illustration

1. Mapping Abstract Location to Concrete Location
Achieved by a query of the form: map([Π_C, _, _, _, …], [π_A, _, _, _, …]).
In our example: map([PI_C, _, _, _, _], [0, _, _, _, _]).
Prolog responds with:
PI_C = 0 ? ;   /* location l0 in concrete … */
no             /* … and no other location (unique) */
| ?-

2. Mapping Concrete Location to Abstract Location
Achieved by a query of the form: map([π_C, _, _, _, …], [Π_A, _, _, _, …]).
In our example: map([1, _, _, _, _], [PI_A, _, _, _, _]).
Prolog responds with:
PI_A = 1 ? ;   /* location L1 in abstract … */
no             /* … and no other location (unique) */
| ?-

3. Mapping Concrete State to Abstract State
Achieved by a query of the form: map([π_C, v1_C, v2_C, v3_C, …], [Π_A, V1_A, V2_A, V3_A, …]).
In our example: map([1, 0, 8, _, _], [PI_A, A, B, C]).
Prolog responds with:
A = 0
B = 8
PI_A = 1 ? ;   /* concrete state … */
no             /* … and no other state (unique) */
| ?-

4. Mapping Abstract State to Concrete State
Achieved by a query of the form: map([Π_C, V1_C, V2_C, V3_C, …], [π_A, v1_A, v2_A, v3_A, …]).
In our example: map([PI_C, RA, RB, RC], [1, 0, 8, _]).
Prolog responds with:
RA = 0
RB = 8
PI_C = 1 ? ;   /* concrete state … */
no             /* … and no other state (unique) */
| ?-

5. Detecting Inconsistent Changes in the Abstract System
Suppose we modify the value of ‘a’ to 1. Query: map([PI_C, RA, RB, RC], [1, 1, 8, _]).
Prolog responds with:
no   /* no possible state */
| ?-
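The five queries above, worked in Python as an added example (the authors' prototype is in Prolog; this is not their code): None stands for an unbound Prolog variable, the data abstraction α is taken to be ra = a, rb = b, rc = c, and the invariant that a == 0 after L0 (and that L5 is unreachable) is assumed from the optimizations listed under Table 1.

```python
from typing import Optional, Tuple

# Partially known state (pc, v1, v2, v3); None plays the role of Prolog's '_'.
State = Tuple[Optional[int], Optional[int], Optional[int], Optional[int]]
# Control abstraction kappa: concrete label l_i -> abstract labels L_j (from Table 1).
KAPPA = {0: {0}, 1: {1}, 3: {3}, 4: {4}}

def _unify(x: Optional[int], y: Optional[int]) -> Optional[int]:
    """Unify two optionally known values; a clash raises ValueError."""
    if x is None:
        return y
    if y is None or x == y:
        return x
    raise ValueError("clash")

def abstract_invariant(pc, a, b, c) -> bool:
    """Invariant Phi^A_p at abstract node p, assumed from Table 1: after L0 constant
    propagation fixed a == 0 (so L5 is unreachable); at L4, c = (b-a) - (b-a)/4."""
    if pc is None or pc == 0:
        return True
    if pc == 5 or (a is not None and a != 0):
        return False
    if pc == 4 and None not in (a, b, c):
        return c == (b - a) - (b - a) // 4
    return True

def map_state(conc: State, abs_: State) -> Optional[Tuple[State, State]]:
    """The refinement-function query: unify a partially known concrete state with a
    partially known abstract state under alpha (ra=a, rb=b, rc=c) and kappa, then
    check the invariants. Returns the unified pair, or None (Prolog's 'no')."""
    pc_c, pc_a = conc[0], abs_[0]
    if pc_c is None and pc_a is not None:          # abstract -> concrete location
        cands = [k for k, v in KAPPA.items() if pc_a in v]
        if not cands:
            return None
        pc_c = cands[0]
    if pc_c is not None:                           # concrete -> abstract location
        if pc_c not in KAPPA or (pc_a is not None and pc_a not in KAPPA[pc_c]):
            return None
        pc_a = pc_a if pc_a is not None else next(iter(KAPPA[pc_c]))
    try:
        vals = [_unify(x, y) for x, y in zip(conc[1:], abs_[1:])]
    except ValueError:
        return None            # data abstraction alpha cannot be satisfied
    new_abs = (pc_a, *vals)
    if not abstract_invariant(*new_abs):
        return None            # e.g. a := 1 contradicts the constant-propagation invariant
    return (pc_c, *vals), new_abs
```

A debugger would run `map_state` before accepting a user edit of a source variable and refuse the edit when it returns None, which is exactly what query 5 reports for a := 1.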

Discussion
– Through translation validation, we have been able to realize the specification of semantic debuggers in a declarative way, with a prototype implementation in Prolog.
– More complex semantic debuggers can be specified and realized.
– Work in progress: application of TV to mobile code certification, debuggers for optimized code (transparent debuggers), etc.