Presentation is loading. Please wait.

Presentation is loading. Please wait.

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Published byNevaeh Leavey Modified over 10 years ago

Similar presentations

Presentation on theme: "Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”"— Presentation transcript:

1 Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

2 Verification-Condition Generation (VCG) Steps in Verification generate formulas implying program correctness attempt to prove formulas if formula is valid, program is correct if formula has a counterexample, it indicates one of these: error in the program error in the property error in auxiliary statements Terminology generated formulas: verification conditions generation process: verification-condition generation program that generates formulas: verification-condition generator (VCG)

3 VCG Explained Until Now Programs that Manipulate Integers Compute Formulas from Programs Formulas with Integer Variables and Operations Prover (Integer Constraint Solver)

4 VCG for Real Languages Programs that Manipulate Integers, Maps, Arrays, and Linked Data Structures Compute Formulas from Programs have more operations in expressions of x=E Formulas with Integer Variables and Operations, as well as variables and operations on functions Prover (Integer Constraint Solver) + provers for function symbols, mathematical arrays, term algebras,...

5 Weakest Precondition Formula For set P, relation r P = wp(r,Q) means Let P F and Q F have x as free variable(s) For formula Q F, command c, P F = wp(c,Q F ) should imply {x | P F } = wp([[c]], {x|Q F }) If formula for command c is F(x,x’) then P F is

6 assume(E) x=E havoc(x) Preconditions for Basic Commands

7 Key Next Step: Handling Arrays If we know how to handle one static array, we will easily generalize to heap, many arrays, and other memory data structures. Now our language has – integer variables: x:Int; j:Int(as before) – but also arrays: a : Array[Int], b : Array[Int]

8 Subtlety of Array Assignment Rule for wp of assignment of expression E to variable x, for postcondition P: wp(x=E, P) = Example: wp(x=y+1,x > 5) = wp of assignment to an array cell: wp(a[i]=y+1, a[i]>5) = wp(a[i]=y+1, a[i]>5 && a[j]>3) =

9 wp of a[i]=E Let P be any formula containing also a[j] expressions wp(a[i]=E, P) =

10 Arrays as Mathematical Functions Suppose we have expressions that manipulate functions. Array update operator on functions: f(x:=v) = g means: 1) g(x)=v, and 2) g(y)=f(y) for y != x. How to represent assignments? x = a[i]  x = a(i) a[i]=v 

11 Construct formulas recursively Guarded program given by tree Leaves: x=E, assume(P) assume(P)  x=E 

12 Tree nodes (recursion) Non-deterministic choice [] Sequential composition ;

13 Generated Formula: Size and Structure How do generated formulas look like for loop-free code? ((c1 ; c2) [] (c3 ; c4)) ; c5 ( F1 & F2 | F3 & F4 ) & F5 can move existential quantifiers to top What is the size of the formula as function of code size?

14 Logic with Array Updates Variables denote: integers or arrays Operations on integers: +,-,*,/ Operations on arrays: a(i), a(i:=v) Comparison operators: ==, !=, Operators on atomic formulas: &&, ||, ! (Combination of theory of integers and extensional theory of arrays.)

15 Example with Static Arrays if (a[i] > 0) { b[k]= b[k] + a[i]; i= i + 1; k = k + 1; } else { b[k] = b[k] + a[j]; j= j + 1; k = k – 1; }

16 Example with Static Arrays (assume(a(i) > 0); b= b(k:= b(k)+ a(i)); i= i + 1; k = k + 1;) [] (assume(a(i)<=0); b= b(k:= b(k)+ a(j)); j= j + 1; k = k – 1; ) guarded commands: formula

17 Conditional Expressions y = (x > 0 ? x : (-x)) y = abs(x) a3 = a2(i:=v) && x = a3(j) Can we eliminate a3? We obtain

18 Eliminating Conditionals Formula u = (x > 0 ? x+1 : 2-x) becomes: Satisfiability of y > z + 2*(x > 0 ? x : (-x)) Becomes satisfiability of Satisfiability of disjunctions?

19 Logic with Conditional Expressions Variables denote: integers or arrays Operations on integers: +,-,*,/ Arrays access: a(i) Comparison operators: ==, !=, Operators on atomic formulas: &&, ||, ! (Combination of theory of integers and theory of functions.)

20 Suppose we find values for integers When can we find functions? f(i) = x && f(j) = y i  0, j  1, x  5, y  7 example f: f(i) = x && f(j) = y && i == j i  1, j  1, x  5, y  7 example f: Note if we have f(f(i))=x 

21 Satisfiability of Constraints with Uninterpreted Functions If we have a model for integer values such that then we can extend it to a model of functions. How to ensure we only find models that satisfy constraints? (Ackermann encoding)

22 Now we can handle static arrays wp(x=E, P) =

23 Reference Fields class Node { Node next; } How to model ‘next’ field? y = x.next;  x.next = y; 

Download ppt "Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”"

Similar presentations

A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.

Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.
Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 Summer school on Formal Models.

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 Summer school on Formal Models.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.

ICE1341 Programming Languages Spring 2005 Lecture #6 Lecture #6 In-Young Ko iko.AT. icu.ac.kr iko.AT. icu.ac.kr Information and Communications University.
Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.

Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.

This Week Finish relational semantics Hoare logic Interlude on one-point rule Building formulas from programs.
INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.

INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.

David Evans CS655: Programming Languages University of Virginia Computer Science Lecture 19: Minding Ps & Qs: Axiomatic.
Partial correctness © Marcelo d’Amorim 2010.

Partial correctness © Marcelo d’Amorim 2010.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

Similar presentations

Ads by Google