Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Published byMilton Hibbitts Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI."— Presentation transcript:

1 Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI Computer Science Lab, Menlo Park)

2 Stellenbosch?

3 Automated Deduction Software Engineering Verification

4 Automated deduction uses computation to perform symbolic logical reasoning * * [101] Shankar. Automated deduction for verification. ACM Computing Surveys. 2009 Is a logical formula φ valid? or is there a counter-example? in which case !φ is satisfiable φ valid iff !φ unsatisfiable

5 Is a logical formula φ satisfiable? Is there a Model that satisfies φ? Satisfiability checking procedures are the cornerstone of automated deduction

6 We tend to want to know about our code … Given that we have a specification of what is expected

7 φ Program Specification Logic Formula Automated Deduction Tool

8 LogicsTechniques First-order logic Automated Theorem Proving Propositional logicSAT Solvers Expressiveness Automation From around the early-mid 1990s SAT solvers improved dramatically

9 Program φ Logic Formula Integer arithmetic Arrays BitVectors Floating point Strings Linear integers Heaps Machine integers Features Floating point Theories Strings + Satisfiability Modulo Theories (SMT) Solvers Fully Automated Satisfiability Checkers Perfect fit for solving Software Engineering problems

10 Verification Full automation is not always possible Formulas to prove can fall outside of decidable fragment Even if it can be proved it might be too slow or require tricky invariants Requires human interaction Proof Environments

11 Too much manual effort seL4 microkernel verification took 20 man years using Isabelle/HOL Program Verifiers are more domain specific they verify annotations in the code holds Spec# ESC-Java

12 Model Checking Explicit stateSymbolic Predicate Abstraction with CEGAR BDDsSAT SLAMBLAST(Nu)SMVCBMC is M a model for φ

13 Symbolic Execution void test(int x, int y) { if (y == x*10) S0; else S1; if (x > 3 && y > 10) S2; else S3; } [ Y=X*10 ] S0 [ X>3 & 10<Y=X*10] S2 [ true ] test (X,Y) [ Y!=X*10 & !(X>3 & Y>10) ] S3 [ Y!=X*10 ] S1 [ Y=X*10 & !(X>3 & Y>10) ] S3 [ X>3 & 10<Y!=X*10] S2 SMT solvers check feasibility Test cases derived from models

14 Concolic Dynamic SE void test(int x, int y) { if (y == x*10) S0; else S1; if (x > 3 && y > 10) S2; else S3; } [ Y=X*10 ] S0 [ X>3 & 10<Y=X*10] S2 [ true ] test (0,1) [ Y!=X*10 & !(X>3 & Y>10) ] S3 [ Y!=X*10 ] S1 [ Y=X*10 & !(X>3 & Y>10) ] S3 [ X>3 & 10<Y!=X*10] S2 Pick random inputs Collect PC during execution Negate one of the conditions If feasible derive new inputs [ Y!=X*10 & (X>3 & Y>10) ] => Test(4,11)

15 (Dynamic) Symbolic Execution is the poster child for the positive effect of AD in SE An idea from the early 1970s that only sprang to life in late 1990s due to the advances in SAT/SMT solving

16 Automated Deduction Software Engineering In the past currently

17 SE drivers for AD Heaps Locally finite theories with limited quantification Data structuresMonadic 2 nd Order Logic (Bounded) Software Model Checking Horn Clauses SecurityStrings Reliability and Information Flow Model Counting (#SAT)

18 Not good enough any more For test case generation we need models High-integrity code need certifiable proofs Fault localization and repair need unsatisfiable cores Reliability analysis need number of solutions

19 Informal Survey of SE Researchers What would you like to see most from an Automated Deduction tool? Black-box with limited visibility to internals White-box that exposes inner workings Want to know why not just what

20 Lessons from Automated Deduction Competitions/Benchmarking Interoperability TPTP DIMACS SMT-LIB2 vs CASC (1996) SMT-COMP (2005) vs SATE (2008) SV-COMP and RERS (2012) SyGus-COMP (2014)

21 Some New Trends in SE Synthesis Education Sketching * harness void doubleSketch(int x){ int t = x * ??; assert t == x + x; } * http://people.csail.mit.edu/asolar/sketch2012/ Learning to Code

22 Some More Trends Probabilistic Analysis Reliability [ X>3 & 10<Y=X*10] [ X>3 & 10<Y!=X*10] [ Y!=X*10 & !(X>3 & Y>10) ] [ Y=X*10 & !(X>3 & Y>10) ] y=10x x>3 & y>10 1 0.999 0.855 0.001 0.6 0.4 0.145 0.0006 0.00040.8538 0.1452

23 Automated Deduction Software Engineering In the past currently Black-box with limited visibility to internals White-box that exposes inner workings Want to know why not just what

Download ppt "Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI."

Similar presentations

Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
K. Rustan M. Leino Research in Software Engineering (RiSE) Microsoft Research, Redmond, WA, USA 15 January 2009 Séminaire Digiteo Orsay, France.

K. Rustan M. Leino Research in Software Engineering (RiSE) Microsoft Research, Redmond, WA, USA 15 January 2009 Séminaire Digiteo Orsay, France.
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Catching Bugs in Software Rajeev Alur Systems Design Research Lab University of Pennsylvania www.cis.upenn.edu/~alur/

Catching Bugs in Software Rajeev Alur Systems Design Research Lab University of Pennsylvania
Using SMT solvers for program analysis Shaz Qadeer Research in Software Engineering Microsoft Research.

Using SMT solvers for program analysis Shaz Qadeer Research in Software Engineering Microsoft Research.
50.530: Software Engineering

50.530: Software Engineering
Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Symbolic Execution & Constraint Solving CS161 Computer Security Cho, Chia Yuan.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀

SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.

Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.
Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California,

Programming with Constraint Solvers CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California,
Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.

Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.

Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.
Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.

Panel on Decision Procedures Panel on Decision Procedures Randal E. Bryant Lintao Zhang Nils Klarlund Harald Ruess Sergey Berezin Rajeev Joshi.
Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Leonardo de Moura and Nikolaj Bjørner Microsoft Research.

Similar presentations

Ads by Google