Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Pointer Assertion Logic Engine Anders Møller Michael I. Schwartzbach CMSC 631 presentation: Nikolaos Frangiadakis.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The Pointer Assertion Logic Engine Anders Møller Michael I. Schwartzbach CMSC 631 presentation: Nikolaos Frangiadakis."— Presentation transcript:

1 The Pointer Assertion Logic Engine Anders Møller Michael I. Schwartzbach CMSC 631 presentation: Nikolaos Frangiadakis

2 Motivation Finding bugs Fixing them Providing counterexamples Want sound Construct FSM Use for safety-critical data types Help optimization

3 The process MONA PALE annotated code PALE: Pointer Assertion Logic Engine tool MONA: MONAdic second order logic engine Result: If ok  Claim sound If not  Counterexample

4 Graph types example tree-shaped data struct + extra pointers data pointers: backbone pointer fields: conditions Other Examples: doubly-linked cyclic list binary trees binary trees in which all the leaves are joined in a cyclic list red - black trees :) and so on... Example I: List with pointer to the last element : type Head = { data first: Node; pointer last: Node[this.first last]; } type Node = { data next: Node; } Example II: Binary tree with cyclic post order pointers : type Node = { data left,right:Node; pointer post:Node[POST(this,post)]; pointer parent:Node[PARENT(this,parent)]; }

5 Graph types A Graph type is a recursive type with auxiliary pointers: the recursive type defines a spanning tree (the “backbone”) the auxiliary pointers provide short-cuts across the backbone or into other trees they must be functionally determined by the backbone(“well formedness”) they are defined by “routing expressions” Constraining to Graph types  Decidable

6 Annotation Store Model : records Program vars Records (Pointers,Bools)  Organized in backbone constructs Program variables (data vars, pointer vars) Pointer Assertion Language Data Structure Invariants Loop invariants If..then..else invariants Procedure invariants

7 Hoare triples  MONA Split the program into Hoare triples: {pre} stm {post} In MONA: assertions instead of post conditions Graph types need only be valid at cut-points multiple assignments allowed, but no loops Verify each triple separately Sound when annotation ok Can include check for null-pointer dereference and other memory errors

8 Encoding Monadic : Single argument Second order: This argument can be a First Order Logic Function Here is a variable: Null_p() :true if p is Null bool_T_b(v): value of record v of type T (bool) Succ_T_d(v,w): true if rec w reachable from rec along data field d Each time a state

9 Why monadic second order logic BDD: Binary Decision Diagrams WS1S: Weak Second order theory of one or two successors

10 MONA encoding Example ( Hyman’s mutual exclusion algorithm: ) while true do begin 1 2 bi := true 3 while ( k  i ) do begin 4 while ( b1-i ) do skip 5 k := i end 6 7 bi := false end

11 MONA Example var2 PC0’, PC0’’, PC0’’’, PC1’, PC1’’, PC1’’’, b0, b1, k; pred p0_at_line_1(var1 t) = t  PC0’  t  PC0’’   PC0’’’; pred p0_at_line_2(var1 t) = t  PC0’  t  PC0’’  t  PC0’’’;... pred b0_false(var1 t) = t  b0; pred b0_true(var1 t) = t  b0;... pred k_is_0(var1 t) = t  k; pred k_is_1(var1 t) = t  k; while true do begin 1 2 b i := true 3 while ( k  i ) do begin 4 while (b i-1 ) do skip 5 k := i end 6 7 b i := false end

12 MONA Example pred p0_proc_step(var1 t) = (p0_at_line_1(t)  p0_at_line_2(succ(t))  unchanged_vars(t))  (p0_at_line_2(t)  p0_at_line_3(succ(t))  b0_true(succ(t))  unchanged_k(t)  unchanged_b1(t))  (p0_at_line_3(t)  (unchanged_vars(t)  (k_is_0(t)  p0_at_line_6(succ(t)))  (k_is_1(t)  p0_at_line_4(succ(t))))) ... (p0_at_line_7(t)  p0_at_line_1(succ(t))  b0_false(succ(t)) ... while true do begin 1 2 b i := true 3 while ( k  i ) do begin 4 while (b i-1 ) do skip 5 k := i end 6 7 b i := false end

13 MONA result Valid()  1 t:  (p0_at_line_6(t)  p1_at_line_6(t))); A counter-example of least length (10) is: PC0’ 0 0 0 0 0 1 1 1 0 1 PC0’’ 0 0 0 1 1 0 0 0 1 0 PC0’’’ 0 0 1 0 1 0 0 0 0 1 PC1’ 0 0 0 0 0 0 0 1 1 1 PC1’’ 0 0 0 0 0 0 1 0 0 0 PC1’’’ 0 1 1 1 1 1 0 1 1 1 b0 0 0 0 1 1 1 1 1 1 1 b1 0 0 0 0 0 0 1 1 1 1 k 0 0 0 0 0 0 0 0 1 1

14 MONA Example A counter-example of least length (10) is: PC0’ 1 1 2 3 4 5 5 5 3 6 PC1’ 1 2 2 2 2 2 3 6 6 6 b0 0 0 0 1 1 1 1 1 1 1 b1 0 0 0 0 0 0 1 1 1 1 k 0 0 0 0 0 0 0 0 1 1 while true do begin 1 2 b0 := true 3 while ( k  0 ) do begin 4 while (b 1 ) do skip 5 k := 0 end 6 7 b 0 := false end while true do begin 1 2 b1 := true 3 while ( k  1 ) do begin 4 while (b 0 ) do skip 5 k := 1 end 6 7 b 1 := false end

15 A counter-example of least length (10) is: PC0’ 1 1 2 3 4 5 5 5 3 6 PC1’ 1 2 2 2 2 2 3 6 6 6 b0 0 0 0 1 1 1 1 1 1 1 b1 0 0 0 0 0 0 1 1 1 1 k 0 0 0 0 0 0 0 0 1 1 while true do begin 1 2 b0 := true 3 while ( k  0 ) do begin 4 while (b 1 ) do skip 5 k := 0 end 6 7 b 0 := false end while true do begin 1 2 b1 := true 3 while ( k  1 ) do begin 4 while (b 0 ) do skip 5 k := 1 end 6 7 b 1 := false end MONA Example

16 A counter-example of least length (10) is: PC0’ 1 1 2 3 4 5 5 5 3 6 PC1’ 1 2 2 2 2 2 3 6 6 6 b0 0 0 0 1 1 1 1 1 1 1 b1 0 0 0 0 0 0 1 1 1 1 k 0 0 0 0 0 0 0 0 1 1 while true do begin 1 2 b0 := true 3 while ( k  0 ) do begin 4 while (b 1 ) do skip 5 k := 0 end 6 7 b 0 := false end while true do begin 1 2 b1 := true 3 while ( k  1 ) do begin 4 while (b 0 ) do skip 5 k := 1 end 6 7 b 1 := false end MONA Example

17 A counter-example of least length (10) is: PC0’ 1 1 2 3 4 5 5 5 3 6 PC1’ 1 2 2 2 2 2 3 6 6 6 b0 0 0 0 1 1 1 1 1 1 1 b1 0 0 0 0 0 0 1 1 1 1 k 0 0 0 0 0 0 0 0 1 1 while true do begin 1 2 b0 := true 3 while ( k  0 ) do begin 4 while (b 1 ) do skip 5 k := 0 end 6 7 b 0 := false end while true do begin 1 2 b1 := true 3 while ( k  1 ) do begin 4 while (b 0 ) do skip 5 k := 1 end 6 7 b 1 := false end MONA Example

18 A counter-example of least length (10) is: PC0’ 0 0 1 2 3 4 4 4 2 5 PC1’ 0 1 1 1 1 1 2 5 5 5 b0 0 0 0 1 1 1 1 1 1 1 b1 0 0 0 0 0 0 1 1 1 1 k 0 0 0 0 0 0 0 0 1 1 while true do begin 1 2 b0 := true 3 while ( k  0 ) do begin 4 while (b 1 ) do skip 5 k := 0 end 6 7 b 0 := false end while true do begin 1 2 b1 := true 3 while ( k  1 ) do begin 4 while (b 0 ) do skip 5 k := 1 end 6 7 b 1 := false end MONA Example

19 Aspects Data abstraction Of value properties Automatic tracking when assigned Comparison with TVLA (Three Valued Logic Analyzer) Seem to found a bug In exhibited cases: PALE significantly faster Idea: trade-off between expressiveness - speed formally

20 Statistics

21 Opinions Needs heuristics, Automatic code annotation? (40ln  90 ln) SLAM style Iterative process? Optimization?

22 Questions? Thank you

23 Kinds of predicates

24 Pointer Assertion Logic

25

26 Data Types Graph types tree-shaped data struct + extra pointers data pointers: backbone pointer fields: conditions Example:  l ist with pointer to the last element : type Head = { data first: Node; pointer last: Node[this.first last]; } type Node = { data next: Node; } Other Examples:  doubly-linked cyclic list  binary trees  binary trees in which all the leaves are joined in a cyclic list  red - black trees :) and so on...

27

Download ppt "The Pointer Assertion Logic Engine Anders Møller Michael I. Schwartzbach CMSC 631 presentation: Nikolaos Frangiadakis."

Similar presentations

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.

Model Checking Lecture 4. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.

Formal Methods and Testing Goal: software reliability Use software engineering methodologies to develop the code. Use formal methods during code development.
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.

Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Data-Flow Analysis II CS 671 March 13, 2008. CS 671 – Spring 2008 1 Data-Flow Analysis Gather conservative, approximate information about what a program.

Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.

50.530: Software Engineering Sun Jun SUTD. Week 10: Invariant Generation.
Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.

Analysis of programs with pointers. Simple example What are the dependences in this program? Problem: just looking at variable names will not give you.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Some Properties of SSA Mooly Sagiv. Outline Why is it called Static Single Assignment form What does it buy us? How much does it cost us? Open questions.

Some Properties of SSA Mooly Sagiv. Outline Why is it called Static Single Assignment form What does it buy us? How much does it cost us? Open questions.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.

Similar presentations

Ads by Google