1 MSR/Cambridge Formal Verification Overview Byron Cook Microsoft Research, Cambridge.

1 MSR/Cambridge Formal Verification Overview. Byron Cook, bycook@microsoft.com, Microsoft Research, Cambridge

2 Cambridge: long-standing tradition of formal methods research (MSR/Cambridge/London)
MSR-Cambridge:
- Strong background in programming languages research
- Recent strength in formal verification
Queen Mary, University of London:
- Separation logic is a frequent subject of interest
- Much interaction between Queen Mary and Cambridge-area researchers
Great deal of joint research in recent years:
- Continuum between academic and industrial research
- Frequent cross-organization exchange and discussion
- Cross-organization supervision

6 Projects (MSR/Cambridge):
- Semi-automatic methods of proving correctness of (fine-grained) concurrent programs with data
- Automatic methods of proving correctness of (coarse-grained) concurrent programs
- Automatic methods of proving termination/liveness
- Shape analysis
- Security analysis
- ARM research


9 Termination analysis research. Byron Cook, bycook@microsoft.com, Microsoft Research, Cambridge

10 Introduction
Reactive systems:
- Operating systems
- Medical systems
- Web servers & clients
- Email servers & clients
- etc.

12 Introduction

27 Safety and liveness properties
All known program proof/analysis tools support ONLY safety properties:
- Safety properties ensure that "nothing bad happens"
- Safety properties are guaranteed to have finite counterexamples
- Example: if the code calls KeLeaveCriticalRegion then it has (at some time in the past) called KeEnterCriticalRegion

28 Safety and liveness properties
Termination is an example of a liveness property:
- Liveness properties ensure that "something good will eventually happen"
- Example: will the parallel port's PnP dispatch routine eventually return execution to its caller (i.e. termination)?
- Example: if the code calls KeEnterCriticalRegion then it will eventually call KeLeaveCriticalRegion
- Liveness can always be converted into fair termination
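The distinction on slides 27 and 28 is easy to see on traces. The following is an added example (not from the presentation or from any Microsoft tool): a safety checker that reports a finite bad prefix, and a liveness checker that can only refute a property on an infinite run, given here as a lasso (prefix followed by a loop repeated forever). The event names other than KeEnterCriticalRegion/KeLeaveCriticalRegion, and all traces, are constructed for illustration; the dispatch-call/return pair stands in for the slide's "does the PnP dispatch routine eventually return" termination question.

```python
"""Safety vs. liveness over event traces (added example, constructed data)."""
from typing import List, Optional

ENTER = "KeEnterCriticalRegion"
LEAVE = "KeLeaveCriticalRegion"
CALL = "PnpDispatch:call"      # hypothetical event names for "routine was called"
RET = "PnpDispatch:return"     # and "routine returned to its caller"


def safety_counterexample(trace: List[str]) -> Optional[List[str]]:
    """Safety: a LEAVE never happens without an earlier unmatched ENTER.

    A violation is witnessed by a finite prefix, so the shortest bad
    prefix is returned; None means the finite trace is fine so far.
    """
    depth = 0
    for i, ev in enumerate(trace):
        if ev == ENTER:
            depth += 1
        elif ev == LEAVE:
            if depth == 0:
                return trace[: i + 1]  # this finite prefix refutes the property
            depth -= 1
    return None


def pending_triggers(trace: List[str], trigger: str, response: str) -> int:
    """For a *finite* trace, a liveness property 'trigger eventually followed
    by response' can never be refuted: all we can report is how many triggers
    have not been answered *yet*.  That count is an obligation, not a bug."""
    pending = 0
    for ev in trace:
        if ev == trigger:
            pending += 1
        elif ev == response:
            pending = 0  # one response discharges every earlier trigger
    return pending


def response_violation(prefix: List[str], loop: List[str],
                       trigger: str, response: str) -> Optional[int]:
    """Liveness on an infinite run prefix . loop^omega.

    Returns the index (into prefix + loop) of the first trigger that is never
    answered, or None if every trigger is eventually followed by a response.
    """
    if not loop:
        raise ValueError("loop must be non-empty to describe an infinite run")
    if response in loop:
        return None  # the loop repeats forever, so every trigger gets answered
    combined = prefix + loop
    last_resp = max((i for i, ev in enumerate(combined) if ev == response), default=-1)
    for i, ev in enumerate(combined):
        if ev == trigger and i > last_resp:
            return i  # nothing after this point, in prefix or loop, answers it
    return None


if __name__ == "__main__":
    # Constructed traces.
    bad = [ENTER, LEAVE, LEAVE]                     # leave without enter
    print("safety counterexample:", safety_counterexample(bad))
    print("pending after finite trace:",
          pending_triggers([ENTER, ENTER, LEAVE, ENTER], ENTER, LEAVE))
    # A dispatch routine that is called and then spins forever: non-termination.
    print("unanswered call at index:",
          response_violation([CALL], ["spin"], CALL, RET))
    # A routine that is called and returns on every loop iteration: terminates.
    print("terminating run:",
          response_violation([], [CALL, "work", RET], CALL, RET))
```

The point the code makes is the one the slides make: `safety_counterexample` stops at a concrete finite prefix, which is exactly what a counterexample-guided tool can replay, whereas for liveness a finite trace only yields `pending_triggers`, and a real counterexample needs the infinite run that `response_violation` takes as a lasso. Proving termination is then the problem of showing no such lasso exists.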

29 Prospects for automatic/scalable termination provers
What we need:
- Tools that automatically prove termination of program fragments
- Support for large program fragments (>50,000 LOC)
- Precision & true counterexamples
- Arbitrarily nested loops, recursive functions, pointers, callbacks, etc.
- Perhaps even tools that attempt to compute code complexity

33 Prospects for automatic/scalable termination provers
What we need (usability/features):
- User-supplied & maintained termination arguments
- Independently checkable witnesses
- Bit-vector support
- Concurrency
- Fair termination and liveness
- Mutating heaps
- Variance analysis

35 Status
Papers written using preliminary prototypes:
- Suffering from bit-rot
Current plan: re-implement tools on top of SLAyer
- On the Static Driver Verifier product roadmap
New research directions:
- Termination for fine-grained concurrency
- Runtime techniques using termination analysis

37 Variance analyses