Property-Guided Shape Analysis
S. Itzhaky, T. Reps, M. Sagiv, A. Thakur and T. Weiss
Slides by Tomer Weiss
Submitted to TACAS 2014.


SoCal Fall
Program Verification
Goals: the precondition is true and the postcondition holds. One thing is missing...
    void reverse( List h ) {
        //Precondition: n*(h,null)
        ...
        //Postcondition: n*(q,null)
    }

Verification tools
For every loop the user must annotate an invariant, which is a manual process.
    void reverse( List h ) {
        //Precondition: n*(h,null)
        ...
        while( p != null ) //{B}
        //{I = ??}
        {
            ...
        }
        ...
        //Postcondition: n*(q,null)
    }

Invariants are complex
An invariant I must satisfy 3 properties:
    {execution of code before loop} --> I
    B and {execution of loop body} --> I
    ~B and I and {execution of code after loop} --> Postcondition

Contribution
Automatically find invariants for programs that manipulate linked lists. Implemented on a while-loop language.

Linked lists
6 predicates to reason about linked lists.
n* relations: n*(a,b) is a path from a to b of length 0 or more.
(figure: two examples of n*(a,b), one of them ending at null)

Example
A program that reverses a linked list:
    void reverse( List h ) {
        //Precondition: n*(h,null) -- h acyclic list
        p = h;
        q = null;
        while( p != null ) //{I}
        {
            t = p->n;
            p->n = q;
            q = p;
            p = t;
        }
        //Postcondition: n*(q,null) -- q acyclic list
    }
If h is acyclic, q is acyclic.

Consider I =
    q != null → ~n*(h,p)
    and q != null → ~n*(h,null)
    and h == null → p == h
    and ( h != null and p != h ) → n*(q,h)
    and ( p != null and q != null ) → ~n*(p,h)

So how to automatically find the invariant?
Hard problem: the space of candidate invariants is huge, so investigating them all is infeasible.

Algorithm
Start with the trivial invariant true. Each iteration refines the invariant. The invariant needs to satisfy the 3 conditions. Refine the invariant by counterexample until an inductive invariant is found. Based on the notion of Property-Directed Reachability, where choices are driven by the properties to prove.
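The three conditions made concrete for the reverse loop, as an added example that is not code from the slides or from the tool: it enumerates every heap over a constructed 3-node universe and every assignment of h, p, q, evaluates n*(a,b) directly on the concrete heap, and reports the first state that violates initiation, consecution (I and p != null, then one body execution, must re-establish I) or safety. The starting candidate true fails safety with a concrete counterexample, which is the kind of state a refinement step starts from; the second candidate is my own assumption (not the slides' invariant) and uses n(h,null), i.e. h->n == null, in addition to n*.

```python
from itertools import product
NODES = (0, 1, 2)  # constructed 3-node universe; None plays the role of null

def nstar(heap, a, b):
    """n*(a,b): b is reachable from a by following zero or more n-pointers."""
    seen = set()
    while a != b:
        if a is None or a in seen:  # fell off the end, or cycled without meeting b
            return False
        seen.add(a)
        a = heap[a]
    return True

def body(heap, env):
    """One execution of the loop body: t = p->n; p->n = q; q = p; p = t."""
    heap, env = dict(heap), dict(env)
    t = heap[env["p"]]
    heap[env["p"]] = env["q"]
    env["q"], env["p"] = env["p"], t
    return heap, env

def all_states():
    """Every heap over NODES and every assignment of h, p, q (bounded universe)."""
    vals = NODES + (None,)
    for nxts in product(vals, repeat=len(NODES)):
        for h, p, q in product(vals, repeat=3):
            yield dict(zip(NODES, nxts)), {"h": h, "p": p, "q": q}

def check(inv):
    """Return None if inv meets all three conditions, else (failed condition, heap, env)."""
    for heap, env in all_states():
        h, p, q = env["h"], env["p"], env["q"]
        # 1. precondition n*(h,null) plus the code before the loop (p = h; q = null) imply I
        if nstar(heap, h, None) and p == h and q is None and not inv(heap, env):
            return ("initiation", heap, env)
        # 2. I and the loop condition p != null, followed by the body, imply I again
        if p is not None and inv(heap, env) and not inv(*body(heap, env)):
            return ("consecution", heap, env)
        # 3. I and loop exit p == null imply the postcondition n*(q,null)
        if p is None and inv(heap, env) and not nstar(heap, q, None):
            return ("safety", heap, env)
    return None

trivial = lambda heap, env: True  # the starting candidate of the refinement loop
def candidate(heap, env):
    """Assumed candidate: p and q head null-terminated lists, q's list ends at h (h->n == null), h is not on p's list."""
    h, p, q = env["h"], env["p"], env["q"]
    return (nstar(heap, p, None) and nstar(heap, q, None) and (q is not None or p == h)
            and (q is None or (nstar(heap, q, h) and h is not None and heap[h] is None
                               and not nstar(heap, p, h))))
```

check(trivial) returns a safety counterexample (a state with p == null whose q heads a cyclic list), while check(candidate) returns None because the candidate passes all three conditions on every state of the bounded universe.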

Implementation
Use Z3 to:
    - check whether an invariant is inductive,
    - strengthen an invariant when it is non-inductive,
    - produce concrete counterexamples when the goal is violated.
The tool terminates and is sound but not complete.

Benchmarks
Shape analysis: reason about the shape of a data structure.

Conclusions
To the best of our knowledge, the first tool for automatically inferring invariants for programs that manipulate linked list data structures. Property-directed: choices are driven by the properties to be proven. Implemented on top of a standard SAT solver.

Questions?
Tomer Weiss

PDR related work
Based on Property-Directed Reachability (PDR), formerly known as IC3. Thesis work by Aaron R. Bradley, theory.stanford.edu/~arbrad/
"The" IC3 paper: Aaron R. Bradley, SAT-Based Model Checking without Unrolling, VMCAI 2011.

Other related work
S. Itzhaky, A. Banerjee, N. Immerman, A. Nanevski, and M. Sagiv. Effectively-propositional reasoning about reachability in linked data structures. In CAV.
K. Hoder and N. Bjørner. Generalized property directed reachability. In SAT.
A. Podelski and T. Wies. Counterexample-guided focus. In POPL, 2010.