Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lazy Annotation for Program Testing and Verification Speaker: Chen-Hsuan Adonis Lin Advisor: Jie-Hong Roland Jiang November 26, 2010 1.

Published byAdelia Wells Modified over 9 years ago

Similar presentations

Presentation on theme: "Lazy Annotation for Program Testing and Verification Speaker: Chen-Hsuan Adonis Lin Advisor: Jie-Hong Roland Jiang November 26, 2010 1."— Presentation transcript:

1 Lazy Annotation for Program Testing and Verification Speaker: Chen-Hsuan Adonis Lin Advisor: Jie-Hong Roland Jiang November 26, 2010 1

2 Paper Information Title Lazy Annotation for Program Testing and Verification Author Kenneth L. McMillan Publication (2010) Computer Aided Verification, 22nd International Conference, Edinburgh, UK, pp. 104-118, 2010 November 26, 2010 2

3 Outline Introduction Overview of algorithm Case study Experimental results Conclusion Some ideas November 26, 2010 3

4 Introduction An interpolant-based approach to test generation and model checking for sequential programs Sequential programs ≠ sequential circuits The method generates Floyd/Hoare style annotations of the program on demand Inspired from DPLL approach to Boolean satisfiability which combining search and deduction Focuses deduction where the search becomes blocked Deduce facts that guide the search away from the failure November 26, 2010 4

5 Hoare Triple A triple describes how the execution of a piece of code changes the state of the computation where P and Q are assertions and C is a command {P} C {Q} P is named the precondition and Q the postcondition: when the precondition is met, the command establishes the postcondition Example Empty statement axiom: November 26, 2010 5 Quick sort !!

6 Outline Introduction Overview of algorithm Case study Experimental results Conclusion Some ideas November 26, 2010 6

7 Preliminary of algorithm Designate a set of program locations as goals to be reached the goals are calls to a function error The vertices (locations) and edges (statements) of the program’s control flow graph will be labeled with formulas A label represents a condition under which no goal can be reached Don’t forget goal = error November 26, 2010 7

8 Flow of algorithm Initially, there are no labels (no annotation being equivalent to false) Execute the program symbolically along some chosen path Each input to the program is represented by a symbolic value p i In the symbolic state, each program variable is evaluated as a symbolic expression over these parameters November 26, 2010 8

9 Flow of algorithm (con’t) A constraint is also maintained, which accumulates the conjunction of the branch guards along the chosen path Block-action We say state is blocked if the current vertex label is implied, meaning we cannot reach a goal from this state When we are blocked, we will backtrack along the edge we just executed, annotating it with a new label that blocks that edge November 26, 2010 9

10 Flow of algorithm (con’t) Decide-action (met branch) When choosing a branch to execute, we are guided by these edge labels A blocked edge cannot lead to a goal, so we always continue along an unblocked edge if there is one When all outgoing edges are blocked in the current state label the current location with the conjunction of the conditions that block the outgoing edges, thus blocking the current state and causing us to backtrack November 26, 2010 10

11 Outline Introduction Overview of algorithm Case study Experimental results Conclusion Some ideas November 26, 2010 11

12 Case study: simple November 26, 2010 12 Enter this code at l 1 Symbolic state is x = p 0 with constraint T (true) Branching from l 1 → l 2 (one choice) Constraint p 0 = 0 At l 2, branch to l 3 or l 6 ? Neither edge is labeled, choose arbitrarily l 6 At l6, only one choice, branch to l7 Obtain the UNSAT constraint p 0 =0 ∧ p 0 <0 x = p 0 p 0 = 0 p 0 =0 ∧ p 0 <0

13 Case study: simple (con’t) November 26, 2010 13 At l 7, we are blocked, since F (false) holds in current state Current annotation is F Backtrack, annotate edge l 6 → l 7 Label l6: x ≥ 0, and we are blocked now since current state: x = 0 (x = 0 implies x ≥ 0) Backtrack to l 2, labeling edge l 2 → l 6 : x ≥ 0 F x ≥ 0

14 Case study: simple (con’t) November 26, 2010 14 Since the edge l 2 → l 3 is still unblocked, and follow it (Annotation forced the search in a different direction) Move on to l 4 Have y = p 1 (new input) At l 5, we have constraint p 1 ≥ 0 Arrive at l6 in the state x=p 0 +p 1 with constraints p 0 = 0 and p 1 ≥ 0 F y = p 1 p 1 > 0 x ≥ 0 x=p 0 +p 1, (constraints p 0 =0 and p 1 ≥0)

15 Case study: simple (con’t) November 26, 2010 15 Since “x = p 0 +p 1 & p 0 = 0 and p 1 ≥0” implies previous annotation l 6 : x≥0, we are blocked The fact we previously learned tells us There is no path to the goal from current state Backtrack to l 5 and take weakest precondition of x≥0, then gives us l 5 : x+y≥0 F x ≥ 0 x+y ≥ 0

16 Case study: simple (con’t) November 26, 2010 16 Backtrack to l 4, however, we observe a slight problem The weakest precondition of x + y ≥ 0 with respect to the (assertion y ≥ 0) is y < 0 ∨ x+y ≥ 0 The variable y is irrelevant here, and we could just as well block the state with x ≥ 0 x ≥ 0 is also a precondition, not the the weakest F x ≥ 0 x+y ≥ 0 ? x ≥ 0

17 Compute precondition with interpolant It can be computed by interpolant The precondition:l 4 : x ≥ 0 (not weakest) assume y ≥ 0 l 5 : x + y ≥ 0 When the weakest precondition would yield l 3 : ∀ y. (y < 0 ∨ x+y ≥ 0) We can simplify this to x ≥ 0, but this requires quantifier elimination, which can be very expensive By computing preconditions with interpolants, we avoid the need for quantifier elimination November 26, 2010 17

18 Case study: simple (con’t) November 26, 2010 18 Backtrack to l 2, labeling the edge (l 2 → l 3 ) with x ≥ 0 At l 2, both edges from l 2 are blocked label it with the conjunction of the blocking labels along these edges, yielding l2 : x ≥ 0 Finally, we label l1 : T, proving that the goal error cannot be reached from l1 F x ≥ 0 x+y ≥ 0 x ≥ 0 T

19 Interpolants from Proofs Given a pair of FOL formulas (A,B), such that A ∧ B is inconsistent, an interpolant for (A,B) is a formula Ā with the following properties: A implies Ā, Ā ∧ B is unsatisfiable, and Ā is in L(A) ∩ L(B) For a given formula ϕ, L( ϕ ) will denote the well-formed formulas (wff’s) over the uninterpreted vocabulary of ϕ Interpolant always exists for inconsistent formulas in FOL (Craig’s lemma) November 26, 2010 19

20 Something about Interpolant A(X,Y) Λ B(Y,Z) ≡ FALSE There exists I(Y) such that A(X,Y)  I(Y) I(Y) Λ B(Y,Z) ≡ FALSE The “best” interpolant: Interpolantion is an Existential Quantification November 26, 2010 20

21 Outline Introduction Overview of algorithm Case study Experimental results Conclusion Some ideas November 26, 2010 21

22 Experimental Results Comparison of test generation with and without learning Y axis: # of coverage goals reached X axis: # of backtracks Compare # of backtracks Saturation (all reachable locations reached) Completion November 26, 2010 22 The effect is more pronounced in the large program, with learning reducing backtracks to completion by factor 84

23 Outline Introduction Overview of algorithm Case study Experimental results Conclusion Some ideas November 26, 2010 23

24 Conclusion Deduce program annotations in response to search failure, much in the way that a DPLL SAT solver learns conflict clauses Without learning, there are long plateaus during which many paths are explored but no new locations are reached Learning clearly acts to push the search away from these regions, allowing the search to make steady progress November 26, 2010 24

25 Outline Introduction Overview of algorithm Case study Experimental results Conclusion Some ideas November 26, 2010 25

26 Some Ideas Apply the concept of learning method of DPLL SAT solving to prune the searching space of other research topic, such as QBF, model checking, and so on Using interpolants can avoid the expense of quantifier elimination Predicate image computation November 26, 2010 26

27 Thanks for your attention November 26, 2010 27

Download ppt "Lazy Annotation for Program Testing and Verification Speaker: Chen-Hsuan Adonis Lin Advisor: Jie-Hong Roland Jiang November 26, 2010 1."

Similar presentations

Model Checking Base on Interoplation

Model Checking Base on Interoplation
The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.

The behavior of SAT solvers in model checking applications K. L. McMillan Cadence Berkeley Labs.
Exploiting SAT solvers in unbounded model checking

Exploiting SAT solvers in unbounded model checking
Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.

Exploiting SAT solvers in unbounded model checking K. L. McMillan Cadence Berkeley Labs.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.
Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.

Software Model Checking with SMT Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
50.530: Software Engineering

50.530: Software Engineering
UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.

UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.
1/30 SAT Solver Changki PSWLAB SAT Solver Daniel Kroening, Ofer Strichman.

1/30 SAT Solver Changki PSWLAB SAT Solver Daniel Kroening, Ofer Strichman.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
1 Cover Algorithms and Their Combination Sumit Gulwani, Madan Musuvathi Microsoft Research, Redmond.

1 Cover Algorithms and Their Combination Sumit Gulwani, Madan Musuvathi Microsoft Research, Redmond.
Reduction of Interpolants for Logic Synthesis John Backes Marc Riedel University of Minnesota Dept.

Reduction of Interpolants for Logic Synthesis John Backes Marc Riedel University of Minnesota Dept.
Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.

Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.
1 Discrete Structures Lecture 29 Predicates and Programming Read Ch. 10.1 - 10.2.

1 Discrete Structures Lecture 29 Predicates and Programming Read Ch
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.

Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.

Similar presentations

Ads by Google