Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Verification with HIP and SLEEK Asankhaya Sharma.

Published byJessie Hahn Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Verification with HIP and SLEEK Asankhaya Sharma."— Presentation transcript:

1 Automated Verification with HIP and SLEEK Asankhaya Sharma

2 Recall the List length Example int length(struct node* p) /*@ requires p::list ensures p::list & res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } Memory Safety Length of the List Bag of Values

3 With Immutability int length(struct node* p) /*@ requires p::list<>@I ensures res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); } With Immutability Annotation More concise and precise specification

4 Recall the List Append Example void append(node* x, node* y) requires x::list & x != null & x = y ensures requires x::list & x != null ensures { if(x->next==NULL) x->next=y; else append(x->next,y); } x::clist x::lseg

5 With Immutability void append(node* x, node* y) requires x::lseg @I * p::node ensures p::node { if(x->next==NULL) x->next=y; else append(x->next,y); } Immutable List Segment Cut point preservation

6 Aliasing Example int foo(cell x, cell y) requires x::cell * y::cell ensures x::cell * y::cell & res = a+b requires x::cell & x = y ensures x::cell & res = 2*a; { return x.val + y.val; }

7 Heap Sharing with Immutability int foo(cell x, cell y) requires x::cell @I & y::cell @I ensures res = a+b { return x.val + y.val; } Allows Aliasing

8 Immutable Specifications Many programs do not change their input Use immutable specifications, where possible – More information (about the code) – More concise (for multiple pre/post) – More accurate (as cut points are preserved) – More efficient (as less folding is needed) – More control (don’t modify data)

9 Verification of Concurrent Programs Fork/join concurrency + (mutex) locks + barriers Properties – Functional correctness – Data-race freedom – Deadlock freedom Permission-based heaps, e.g. x::cell(0.5) * y::cell(0.5)

10 Example : thread as resource data cell { int val;} void thread1 (cell x) requires x::cell * y::cell ensures x::cell * y::cell ; { x.val = x.val + 1; y.val = y.val + 2;} void thread2 (thrd t1, cell y) requires t1::thrd > ensures y::cell ; { join(t1); y.val = y.val + 2;} void main() requires true ensure true; { cell x = new cell(0); cell y = new cell(0); thrd t1 = fork(thread1,x,y); //{t1::thrd * y::cell >} //{t1::thrd > * t1::thread >} thrd t2 = fork(thread2,t1,y); //{t1::thrd > join(t1); x.val = x.val + 1; join(t2); assert( x::cell * y::cell ); }

11 Example main thrd t1 = fork(thread1,x,y); thread1 thrd t2 = fork(thread2,t1,y); thread2 join(t1); join(t2); x,y t1 t1,t2 t1 x y t2,x y x,y multi-join

12 Further Reading David, Cristina, and Wei-Ngan Chin. "Immutable specifications for more concise and precise verification." In ACM SIGPLAN Notices, vol. 46, no. 10, pp. 359-374. ACM, 2011.

Download ppt "Automated Verification with HIP and SLEEK Asankhaya Sharma."

Similar presentations

1 Lecture 5 Towards a Verifying Compiler: Multithreading Wolfram Schulte Microsoft Research Formal Methods 2006 Race Conditions, Locks, Deadlocks, Invariants,

1 Lecture 5 Towards a Verifying Compiler: Multithreading Wolfram Schulte Microsoft Research Formal Methods 2006 Race Conditions, Locks, Deadlocks, Invariants,
Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AAA A A A AA A Proving that non-blocking algorithms don't block.

TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AAA A A A AA A Proving that non-blocking algorithms don't block.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
50.003: Elements of Software Construction Week 6 Thread Safety and Synchronization.

50.003: Elements of Software Construction Week 6 Thread Safety and Synchronization.
50.530: Software Engineering Sun Jun SUTD. Week 13: Rely-Guarantee Reasoning.

50.530: Software Engineering Sun Jun SUTD. Week 13: Rely-Guarantee Reasoning.
An Case for an Interleaving Constrained Shared-Memory Multi-Processor Jie Yu and Satish Narayanasamy University of Michigan.

An Case for an Interleaving Constrained Shared-Memory Multi-Processor Jie Yu and Satish Narayanasamy University of Michigan.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.

Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University.

HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University.
Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.

Verification of Multithreaded Object- Oriented Programs with Invariants Bart Jacobs, K. Rustan M. Leino, Wolfram Schulte.
A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs Wolfram Schulte & Bart Jacobs Microsoft Research.

A simple sequential reasoning approach for sound modular verification of mainstream multithreaded programs Wolfram Schulte & Bart Jacobs Microsoft Research.
Mutability SWE 332 Fall 2011 Paul Ammann. SWE 3322 Data Abstraction Operation Categories Creators Create objects of a data abstraction Producers Create.

Mutability SWE 332 Fall 2011 Paul Ammann. SWE 3322 Data Abstraction Operation Categories Creators Create objects of a data abstraction Producers Create.
Static Data Race detection for Concurrent Programs with Asynchronous Calls Presenter: M. Amin Alipour Software Design Laboratory

Static Data Race detection for Concurrent Programs with Asynchronous Calls Presenter: M. Amin Alipour Software Design Laboratory
Concurrency and Thread Yoshi. Two Ways to Create Thread Extending class Thread – Actually, we need to override the run method in class Thread Implementing.

Concurrency and Thread Yoshi. Two Ways to Create Thread Extending class Thread – Actually, we need to override the run method in class Thread Implementing.
Threading Part 2 CS221 – 4/22/09. Where We Left Off Simple Threads Program: – Start a worker thread from the Main thread – Worker thread prints messages.

Threading Part 2 CS221 – 4/22/09. Where We Left Off Simple Threads Program: – Start a worker thread from the Main thread – Worker thread prints messages.
Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with: Stefan Heule, Rustan Leino, Peter Müller ETH Zurich MSR Redmond ETH.

Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with: Stefan Heule, Rustan Leino, Peter Müller ETH Zurich MSR Redmond ETH.

Similar presentations

Ads by Google