Construction of Abstract State Graphs with PVS Susanne Graf and Hassen Saidi VERIMAG.

Presentation transcript:

Summary of the Paper
Method based on abstract interpretation:
– a weaker abstract transition relation
– automatically construct an abstract state graph
– input: an infinite-state program
Monomials: a particular set of abstract states
– defined w.r.t. a set of state predicates $\varphi_1, \dots, \varphi_k$
Successor states: computed by using PVS
– an upper approximation of the successor states
Construct the abstract state graph, then:
– verify invariants
– verify LTL properties by model checking

Summary of the Paper (2)
Abstract State Graph:
– represents a relatively precise global control flow graph of the system
– can be used to generate stronger structural invariants
– assumes that control depends on data
Implemented the method in a tool:
– interfaced with PVS and ALDÉBARAN
Verified the bounded retransmission protocol:
– protocol developed by Philips
– used the tool to prove correctness almost automatically

Parallel Systems: Syntax
Basic intuition: parallel composition of processes by interleaving, with synchronization through shared variables (as in UNITY).
Process:
    process P is
        vars $x_1 : T_1, \dots, x_n : T_n$            → global: the variables P uses
        init $init\_pred(x_1, \dots, x_n)$            → the program counter pc is implicit (control variable)
        update
            □ $g_1(x) \to ass_1(x)$                    – transition $\tau_1$
            ...
            □ $g_n(x) \to ass_n(x)$                    – transition $\tau_n$
Parallel composition $P_1 \parallel P_2$ is a process P such that:
    $P\_init = P_1\_init \land P_2\_init$
    $P\_vars = P_1\_vars \cup P_2\_vars$
    $P\_upd = P_1\_upd \cup P_2\_upd$
Types $T_i$ might be infinite (PVS types).

Transition Graph for P
Given P = (vars, init, update), define the transition graph $S_P = (Q_P, R_P, I_P)$:
    $Q_P = T_1 \times \dots \times T_n$
    $R_P = \bigcup_{i=1}^{n} \tau_i$, where $\tau_i(q) = \emptyset$ if $g_i(q) = \mathit{false}$, and $\tau_i(q) = ass_i(q)$ otherwise
    $I_P = \{\, q \mid init(q) = \mathit{true} \,\}$
    $R_P : Q_P \to \mathcal{P}(Q_P)$, equivalently $R_P \subseteq Q_P \times Q_P$

Predicate Transformers
Definition: let $R \subseteq Q \times Q$ and $\varphi \in \mathcal{P}(Q)$.
Hoare triple for a set of guarded assignments: $\{\varphi\}\ g \to ass\ \{\psi\}$ (precondition $\varphi$, postcondition $\psi$).
strongest postcondition: $post[R](\varphi) = \lambda q'.\ \exists q.\ R(q, q') \land \varphi(q)$
weakest precondition: $pre[R](\varphi) = \lambda q.\ \forall q'.\ R(q, q') \Rightarrow \varphi(q')$
(figure: a state $q$ with successors $q_1, \dots, q_n$, each satisfying $R(q, q_i) \land \varphi(q_i)$)
property: $post[R](\varphi) \Rightarrow \psi$ iff $\varphi \Rightarrow pre[R](\psi)$
For a single guarded assignment $\tau_i$: $pre[\tau_i](\varphi) = g_i(x) \Rightarrow \varphi[ass_i(x)/x]$ – computed by substitution, no quantifiers.
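The following is an added example, not code from the slides or from the Graf/Saidi tool: it models the definitions above in Python for a constructed two-counter program over a bounded domain, so that the entailment queries the method sends to PVS can be answered by enumeration. It computes pre for a guarded assignment by substitution, post by enumeration, checks the property relating them, and goes one step beyond the slide by applying the monomial successor rule from the summary slide: a literal $\varphi_j$ or $\neg\varphi_j$ is kept only when the source monomial provably entails its pre, otherwise the predicate is left open. The domain, transitions and predicate set are assumptions.

```python
from itertools import product

# Constructed concrete state space Q = T1 x T2: two counters over a bounded
# domain, so entailment can be decided by enumeration (stand-in for PVS).
DOMAIN = range(4)
STATES = [{"x": x, "y": y} for x, y in product(DOMAIN, DOMAIN)]

# Guarded assignments tau_i = g_i(x) -> ass_i(x), as in the process syntax.
TAU_1 = (lambda q: q["x"] < 3, lambda q: {"x": q["x"] + 1, "y": q["y"]})
TAU_2 = (lambda q: q["x"] == 3, lambda q: {"x": 0, "y": min(q["y"] + 1, 3)})

# Assumed state predicates phi_1 ... phi_k that define the monomials.
PREDS = [lambda q: q["x"] == 0, lambda q: q["y"] <= q["x"]]

def pre(tau, phi):
    """pre[tau_i](phi) = g_i(x) => phi[ass_i(x)/x]: substitution, no quantifier."""
    g, ass = tau
    return lambda q: (not g(q)) or phi(ass(q))

def post(tau, phi):
    """post[tau](phi)(q') = exists q. tau(q, q') and phi(q), by enumeration."""
    g, ass = tau
    return lambda q2: any(g(q) and ass(q) == q2 and phi(q) for q in STATES)

def entails(phi, psi):
    """Does phi => psi hold in every state? This is the query sent to PVS."""
    return all(psi(q) for q in STATES if phi(q))

def galois(tau, phi, psi):
    """The slide's property: post[tau](phi) => psi  iff  phi => pre[tau](psi)."""
    return entails(post(tau, phi), psi) == entails(phi, pre(tau, psi))

def monomial_pred(monomial):
    """A monomial fixes each phi_j to True, False, or leaves it open (None)."""
    return lambda q: all(v is None or p(q) == v for p, v in zip(PREDS, monomial))

def abstract_successor(monomial, tau):
    """Upper approximation of the successor monomial under tau: keep phi_j
    (or not phi_j) only when the monomial entails pre[tau] of that literal."""
    m, g = monomial_pred(monomial), tau[0]
    if entails(m, lambda q: not g(q)):
        return None                      # guard never enabled: no successor
    out = []
    for p in PREDS:
        if entails(m, pre(tau, p)):
            out.append(True)
        elif entails(m, pre(tau, lambda q, p=p: not p(q))):
            out.append(False)
        else:
            out.append(None)             # neither side provable: precision lost
    return tuple(out)
```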