Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University.

Published byJack Chittenden Modified over 9 years ago

Similar presentations

Presentation on theme: "HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University."— Presentation transcript:

1 HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University of Singapore

2 HIP/SLEEK 22 Proposition Design and build software that is correct by construction (with respect to specification) Type System  Separation Logic

3 3 HIP/SLEEK

4 44 Features of HIP/SLEEK Can specify complex data structures to support symbolic verification. (i) expressive (shapes+size, term) (ii) automation (with inference) (iii) modular (better reuse) (iv) scalable (proof slicing)

5 HIP/SLEEK 55 Overall System code verifier (HIP) separation logic prover (SLEEK) Pre/Post Predicates Lemmas Code range of pure provers … Omega, MONA, Isabelle, Coq, SMT, Redlog, MiniSAT, Mathematica Under development since 2006 (180K lines of Ocaml).

6 HIP/SLEEK 66 Topics Expressivity Separation Logic (VMCAI07,POPL08) Immutability (OOPSLA11) Structured Spec (FM11) Termination & Resources Concurrency Automation Specification Inference

7 HIP/SLEEK 77 Expressivity

8 HIP/SLEEK 88 Acyclic Linked-List list(self)  self=null  9 r. self  node(_, r)  list(r) Example of Acyclic List : list(x) x null data node { int val; node next } pointer to memory spatial conjunction

9 HIP/SLEEK 99 Syntactic Abbreviation list(self)  self=null  9 r. self  node(_, r)  list(r) list   self=null  self::node  _, r   r::list  implicit existential instantiation

10 HIP/SLEEK 10 Method – append two lists void append(node x, node y) { if (x.next==null) x.next=y; else append(x.next,y); } requires x::list<> * y::list<> & x!=null ensures x::list<> ; Shape Specification for memory safety

11 HIP/SLEEK 11 A different append of two lists void append(ref node x, node y) { if (x==null) x=y; else append(x.next,y); } requires x::list<> * y::list<> ensures x’::list<> ;

12 HIP/SLEEK 12.. with Size ll  n   self=null Æ n=0  9 r. self  node  _, r   r::ll  n-1  inv n ¸ 0 x::ll  5  x null parameter on length of linked list

13 HIP/SLEEK 13 Method – append two lists void append(node x, node y) { if (x.next==null) x.next=y; else append(x.next, y); } requires x::ll * y::ll & x!=null ensures x::ll ;

14 HIP/SLEEK 14 … with Size & Bag list  n,B   self=null Æ n=0 Æ B={ }  9 v,r,B1. self::node  v, r   r::list  n-1,B1  Æ B={v} [ B1 inv n ¸ 0 & n=|B|

15 HIP/SLEEK 15 … with Bag & Sortedness lsort  n,B   self=null Æ B={ } Æ n=0  9 r. self::node  v, r   r::lsort  n-1,B1  Æ B={v} [ B1 Æ 8 x 2 B1. v · x inv n ¸ 0 Other properties, such as sequences, maps, may also be used if they can be handled by automated prover.

16 HIP/SLEEK 16 Append Method void append(node x, node y) { if (x.next==null) x.next=y; else append(x.next,y); } requires x::list * y::list & x  null ensures x::list ; requires x::lsort * y::lsort & x  null & 8 a 2 B1. 8 b 2 B2. a · b ensures x::lsort ;

17 HIP/SLEEK 17 Termination Specifications Ongoing Work

18 HIP/SLEEK 18 A Loop while (x>0) { x=x+y; } What spec to give to this loop? void loop(ref int x, int y) { if (x>0) { x = x+y; loop(x,y); } } First, convert it to a tail-recursive function: what spec to give?

19 HIP/SLEEK 19 Use of Case Spec Three scenarios : void loop(ref int x, int y) { if (x>0) { x = x+y; loop(x,y); } } case { x ≤ 0 -> ensures x  0 -> case { y ≥ 0 -> ensures y  0 -> ensures } x’=x ; false; y  x’ ≤ 0 ; base case non-terminating recursive but terminating

20 HIP/SLEEK 20.. with temporal annotations Three scenarios : void loop(ref int x, int y) { if (x>0) { x = x+y; loop(x,y); } } case { x ≤ 0 -> requires Term[] ensures x’=x; x  0 -> case { y ≥ 0 -> requires Loop ensures false; y  0 -> requires Term[x] ensures y  x’ ≤ 0; } temporal constraints

21 HIP/SLEEK 21 Specification Inference Ongoing Work

22 Modular Shape Inference int length(node x) infer [H,G] requires H(x) ensures G(x) { if (x==null) return 0; else node p = x.next; return (1 + length(p)); } HIP/SLEEK 22

23 Modular Shape Inference //POST (1) H(x) & x= null => G(x) //BIND (2) H(x) & x!= null => x::node * HP(p) //PRE-REC (3) HP(p) => H(p) //POST (4) x::node * G(p) => G(x) HIP/SLEEK 23

24 Modular Shape Inference H(x) == emp * x= null \/ x::node * H(p) G(x) ==emp * x= null \/ x::node * G(p) HIP/SLEEK 24

25 HIP/SLEEK 25 Automation SLEEK + Demo

26 HIP/SLEEK 26 Automated Verification int length(node x) requires x::ll ensures x::ll & res=n { if (x==null) return 0; // x=null & n = 0 & res = 0 |- x::ll & res = n else node p = x.next; // x::ll & x!=null |- x::node // x::node * q::ll & x!=null & p = q |- p::ll return (1 + length(p)); // x::node * p::ll & x!=null & res = 1 + n – 1 |- x::ll & res = n }

27 HIP/SLEEK 27 SLEEK : SL Entailment chEcKer checkentail x=null |- x::ll. checkentail x::node *q::ll |- x::ll. checkentail x::ll & n>2 |- x::node. n=0 n=3 q::ll & n>2

28 HIP/SLEEK 28 May and Must Errors checkentail x::ll |- x::node.  may failure checkentail x::ll & n>2 |- x=null.  must failure Demo

29 HIP/SLEEK 29 Desired Targets Verify/Analyze your favorite programs Imperative Programs Heap-based Data Structures Recursion Concurrency Generic and Higher-Order Programs

30 HIP/SLEEK 30 Conclusion Hardware community has accepted verification. Verified software is our future for high- assurance and reliable software. Many challenges still on scalability, automation, expressivity, concurrency and inference, higher-order programs. http://loris-7.ddns.comp.nus.edu.sg/~project/hip/index.html

Download ppt "HIP/SLEEK11 HIP/SLEEK :Automatic Verification and Specification Inference System Wei-Ngan Chin & Asankhaya Sharma Dept of Computer Science National University."

Similar presentations

A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.

Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
B. Sharma, S.D. Dhodapkar, S. Ramesh 1 Assertion Checking Environment (ACE) for Formal Verification of C Programs Babita Sharma, S.D.Dhodapkar RCnD, BARC,

B. Sharma, S.D. Dhodapkar, S. Ramesh 1 Assertion Checking Environment (ACE) for Formal Verification of C Programs Babita Sharma, S.D.Dhodapkar RCnD, BARC,
1 University of Toronto Department of Computer Science © 2001, Steve Easterbrook Lecture 10: Formal Verification Formal Methods Basics of Logic first order.

1 University of Toronto Department of Computer Science © 2001, Steve Easterbrook Lecture 10: Formal Verification Formal Methods Basics of Logic first order.
Formal Specification and Verification. Specifications Imprecise specifications can cause serious problems downstream Lots of interpretations even with.

Formal Specification and Verification. Specifications Imprecise specifications can cause serious problems downstream Lots of interpretations even with.
CS 355 – Programming Languages

CS 355 – Programming Languages
Concepts of Programming Languages 1 Describing Syntax and Semantics Brahim Hnich Högskola I Gävle

Concepts of Programming Languages 1 Describing Syntax and Semantics Brahim Hnich Högskola I Gävle
Temporal Logic of Actions (TLA) Leslie Lamport

Temporal Logic of Actions (TLA) Leslie Lamport
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
From last time S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l t S1 p L2 l t S1 p S2 l t.

From last time S1: l := new Cons p := l S2: t := new Cons *p := t p := t l p S1 l p tS2 l p S1 t S2 l t S1 p S2 l t S1 p S2 l t S1 p L2 l t S1 p S2 l t.
Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.

Extensible Untrusted Code Verification Robert Schneck with George Necula and Bor-Yuh Evan Chang May 14, 2003 OSQ Retreat.
90-723: Data Structures and Algorithms for Information Processing Copyright © 1999, Carnegie Mellon. All Rights Reserved. Lecture 8: Recursion Data Structures.

90-723: Data Structures and Algorithms for Information Processing Copyright © 1999, Carnegie Mellon. All Rights Reserved. Lecture 8: Recursion Data Structures.

Similar presentations

Ads by Google