Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 How to transform an abstract analyzer into an abstract verifier.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 How to transform an abstract analyzer into an abstract verifier."— Presentation transcript:

1 1 How to transform an abstract analyzer into an abstract verifier

2 2 Type verification in a functional language §we choose the let-polymorphic type interpreter l type verification à la ML same type system verification does not require any fixpoint computation

3 3 Abstract verification  F  = abstract semantic evaluation function  S  = specification of the property, i.e., abstraction of the intended concrete semantics  partial correctness:  (lfp F)   S   sufficient partial correctness condition: F  ( S  )    S 

4 4 The language: syntax §type ide = Id of string §type exp = l | Eint of int l | Var of ide l | Sum of exp * exp l | Diff of exp * exp l | Ifthenelse of exp * exp * exp l | Fun of ide * exp l | Rec of ide * exp l | Appl of exp * exp l | Let of ide * exp * exp l | Letrec of ide * exp * exp

5 5 The abstract domain of parametric polytypes type evalt = Notype | Vvar of string | Intero | Mkarrow of evalt * evalt type tscheme = Forall of (string list) * evalt type eval = tscheme * (evalt * evalt) list

6 6 Abstract verification of types F  ( S  )    S  §a program is an expression in the language  its specification S  is its intended type l rather than taking an element of eval, we take an element of evalt a further abstraction in which we forget quantifiers and constraints not important for closed expressions without global environment  the abstract semantic evaluation function F  is of course the abstract interpreter sem what is the meaning of F  ( S  ) 

7 7 The meaning of F  ( S  )    S  §in a language with constructs which create a global environment (typically containing functions), S  is an abstract environment associating to each global name its specification l the new expression is evaluated in such an environment assuming that all the global values satisfy their specification using the specification rather than the semantics for the global objects l small, modular proofs, which allow us to locate possible bugs §in our language we have closed expressions only F  ( S  ) is exactly the same as F  for all the syntactic constructs, apart from recursive function definition, where S  (when available, top level) has to be used as first approximation of their abstract value

8 8 The implementation of F  ( S  ) let new (e:exp) spec = let r = emptyenv in match e with | Rec(i,e1) -> sem e1 (bind(r,i,(Forall([],spec),[]))) | _ -> sem e r)

9 9 Why checking F  ( S  )    S  rather than lfp F    S    why computing F  ( S  )  rather than lfp F   §no fixpoint computation l more efficient l possible even with non-noetherian domains §modular proofs l in which the proof of a component uses the specification rather than the semantics of the other components

10 10 The implementation of F  ( S  )    S  let le (t,spec) = let sigma = unifylist [(spec,t)] in match sigma with |Fail -> false |Subst(_) -> let t1= (generalize spec (Subst []) emptyenv,[]) in let t2= (generalize (applysubst sigma spec) (Subst []) emptyenv,[]) in abstreq(t1,t2) let check (e:exp) spec = let r = emptyenv in match new e spec with |(Forall(_,Notype),_) -> false |(Forall(_,t1),_) -> le(t1,spec)

11 11 Examples 1 # let f x = x in f f;; - : '_a -> '_a = #let ff = Let(Id "f",Fun(Id "x", Var(Id "x")),Appl(Var(Id "f"),Var(Id "f")));; # sem1 ff [] 0;; - : evalt * (string * evalt) list = Mkarrow (Vvar "var2", Vvar "var2"), [] # check ff (Mkarrow (Vvar "a", Vvar "a"));; - :bool = true # check ff (Mkarrow (Intero, Intero));; - :bool = true # check ff (Mkarrow (Intero, Vvar "a"));; - :bool = false # check ff (Mkarrow (Mkarrow (Vvar "a", Vvar "a"), Mkarrow (Vvar "a", Vvar "a")));; - :bool = true # check ff (Mkarrow (Mkarrow (Vvar "a", Vvar "a"), Mkarrow (Vvar "a", Vvar "b")));; - :bool = false

12 12 Examples 2 # sem1 monster [] 2;; - : evalt * (string * evalt) list = Mkarrow(Mkarrow (Vvar "var43", Vvar "var43"), Mkarrow(Mkarrow (Vvar "var43", Vvar "var36"), Mkarrow(Intero, Mkarrow (Vvar "var43", Vvar "var36")))), [] # check monster (Mkarrow(Mkarrow (Vvar ”A", Vvar ”A"), Mkarrow(Mkarrow (Vvar ”A", Vvar ”B"),Mkarrow(Intero, Mkarrow (Vvar ”A", Vvar ”B")))));; - :bool = true

13 13 Examples 3 # let loop = Rec(Id "loop",Fun(Id "p",Fun(Id "f",Fun(Id "x",Ifthenelse(Appl(Var(Id "p"),Var(Id "x")),Var(Id "x"), Appl(Appl(Appl(Var(Id "loop"),Var(Id "p")),Var(Id "f")), Appl(Var(Id "f"),Var(Id "x"))))))));; # sem1 loop [] 0;; - : evalt * (string * evalt) list =Mkarrow (Mkarrow (Vvar "var15", Intero), Mkarrow (Mkarrow (Vvar "var15", Vvar "var15"), Mkarrow (Vvar "var15", Vvar "var15"))), [] # check loop (Mkarrow(Mkarrow (Vvar "a", Intero), Mkarrow(Mkarrow (Vvar "a", Vvar "a"), Mkarrow (Vvar "a", Vvar "a"))));; - :bool = true # check loop (Mkarrow(Mkarrow (Vvar "b", Intero), Mkarrow(Mkarrow (Vvar "a", Vvar "a"), Mkarrow (Vvar "a", Vvar "a"))));; - :bool = false # check loop (Mkarrow(Mkarrow (Intero, Intero), Mkarrow(Mkarrow (Intero, Intero), Mkarrow (Intero, Intero ))));; - :bool = true

Download ppt "1 How to transform an abstract analyzer into an abstract verifier."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
More ML Compiling Techniques David Walker. Today More data structures lists More functions More modules.

More ML Compiling Techniques David Walker. Today More data structures lists More functions More modules.
1 A simple abstract interpreter to compute Sign s.

1 A simple abstract interpreter to compute Sign s.
1 Some abstract interpreters for type inference. 2 Types as abstract interpretations §inspired by a paper of Cousot (POPL ‘97), which l derives several.

1 Some abstract interpreters for type inference. 2 Types as abstract interpretations §inspired by a paper of Cousot (POPL ‘97), which l derives several.
Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.

Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.
Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.

Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN 2006 -

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.

Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.
© M. Winter COSC 4P41 – Functional Programming 10. 1 Testing vs Proving Testing –uses a set of “typical” examples, –symbolic testing, –may find errors,

© M. Winter COSC 4P41 – Functional Programming Testing vs Proving Testing –uses a set of “typical” examples, –symbolic testing, –may find errors,
1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.

1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.
ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =

ML: a quasi-functional language with strong typing Conventional syntax: - val x = 5; (*user input *) val x = 5: int (*system response*) - fun len lis =
Cs784(TK)1 Semantics of Procedures and Scopes. Kinds of Scope Static or Lexical scope –determined by structure of program –Scheme, C++, Java, and many.

Cs784(TK)1 Semantics of Procedures and Scopes. Kinds of Scope Static or Lexical scope –determined by structure of program –Scheme, C++, Java, and many.
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.

Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
Correctness. Until now We’ve seen how to define dataflow analyses How do we know our analyses are correct? We could reason about each individual analysis.

Correctness. Until now We’ve seen how to define dataflow analyses How do we know our analyses are correct? We could reason about each individual analysis.
Denotational Semantics Syntax-directed approach, generalization of attribute grammars: –Define context-free abstract syntax –Specify syntactic categories.

Denotational Semantics Syntax-directed approach, generalization of attribute grammars: –Define context-free abstract syntax –Specify syntactic categories.

Similar presentations

Ads by Google