
Automated Verification with HIP and SLEEK



  1. Automated Verification with HIP and SLEEK
     Asankhaya Sharma

  2. Recall the List Length Example

       int length(struct node* p)
       /*@ requires p::list<n,B>
           ensures  p::list<n,B> & res=n; */
       {
         if (p == NULL) return 0;
         else return 1 + length(p->next);
       }

     Slide callouts: memory safety (the p::list predicate), length of the list (n), bag of values (B).

  3. Total Correctness

       int length(struct node* p)
       /*@ requires p::list<n,B> & Term[n]
           ensures  p::list<n,B> & res=n; */
       {
         if (p == NULL) return 0;
         else return 1 + length(p->next);
       }

     Termination metric: a ranking function which decreases with each recursive call (or loop iteration).

  4. Termination Examples for SLEEK

       checkentail Term[m] & m > n |- Term[n].                                            Valid
       checkentail x::list<n> & x != null & Term[n] |- x::node<_,p> * p::list<m> & Term[m].  Valid
       checkentail Term[m] |- Loop.                                                       Invalid
       checkentail Term[m] |- MayLoop.                                                    Invalid

  5. Structured Specifications
     • Richer specifications that provide guidance to automated verification
     • Support automatic case analysis
     • Support reuse of verification
     • Support multiple specifications

  6. Trivial Loop Example

       while (z != n)
         requires true
         ensures  z' = n
       { z = z + 1; }

     Precondition is the same as the loop invariant. The postcondition of the loop is the final state when the loop terminates. When does this loop terminate?

  7. With Termination

       while (z != n)
         requires z <= n & Term[n-z]
         ensures  z' = n
       { z = z + 1; }

     Specify the ranking function with Term[R].

  8. With Non-Termination

       while (z != n)
         requires z > n & Loop
         ensures  false
       { z = z + 1; }

     The postcondition is false, which signifies an unreachable exit.

  9. Recall Multiple Specs

       while (z != n)
         requires z <= n & Term[n-z]
         ensures  z' = n
         requires z > n & Loop
         ensures  false
       { z = z + 1; }

     Case analysis.

  10. Case Structure
     • Case specification:

       case {
         p1 -> requires R1 ensures Q1;
         p2 -> requires R2 ensures Q2;
       }

     • Analogous to LEM (the law of excluded middle)
     • It can be applied during verification to support more comprehensive reasoning

  11. Why Case?
     • The presence of case structures enables:
       • Automatic case analysis
       • Clearer and more concise specifications

  12. Case Specs for Scenario Analysis
     Trivial loop with multiple scenarios revisited:

       while (z != n)
         case {
           z <= n -> requires Term[n-z] ensures z' = n;
           z > n  -> requires Loop      ensures false;
         }
       { z = z + 1; }

  13. A Tricky Loop
     • What termination spec to give to this loop?

       while (x > 0) { x = x + y; }

  14. Case Specs for Scenario Analysis
     • Three scenarios:

       while (x > 0)
         case {
           x <= 0 -> ensures x' = x;                 // base case
           x > 0  -> case {
                       y >= 0 -> ensures false;      // non-terminating
                       y < 0  -> ensures y < x' <= 0; // recursive but terminating
                     }
         }
       { x = x + y; }

  15. With Termination Specs

       while (x > 0)
         case {
           x <= 0 -> requires Term[] ensures x' = x;
           x > 0  -> case {
                       y >= 0 -> requires Loop    ensures false;
                       y < 0  -> requires Term[x] ensures y < x' <= 0;
                     }
         }
       { x = x + y; }

  16. McCarthy 91 Function
     • This function always returns 91 when the input is less than or equal to 100:

       int mcCarthy(int n)
       {
         if (n > 100) return n - 10;
         else return mcCarthy(mcCarthy(n + 11));
       }

     Nested recursion. Does it terminate?

  17. Termination

       int mcCarthy(int n)
         case {
           n > 100 -> requires Term[]      ensures res = n - 10;
           n <= 100 -> requires Term[100-n] ensures res = 91;
         }
       {
         if (n > 100) return n - 10;
         else return mcCarthy(mcCarthy(n + 11));
       }
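As an added example (not HIP/SLEEK code and not from the slides), the following Python checks at run time the same ranking functions that HIP proves statically for the tricky loop of slide 15 and the McCarthy 91 function of slide 17: each measured call or iteration must strictly decrease the Term[...] measure, the measure must stay non-negative, and the case postconditions must hold. The function names tricky_loop and mccarthy and the (case, value) return convention are this example's own.

```python
# Dynamic check of the termination case-specs from slides 15 and 17.
# HIP discharges these obligations by entailment; here they are asserted
# on concrete inputs so the reader can see which obligation each case carries.

def tricky_loop(x, y):
    """while(x>0){ x = x + y; } under the slide-15 case spec.
    Returns (case, final_x); raises AssertionError on a spec violation."""
    if x <= 0:
        return ("base", x)          # x<=0: Term[], ensures x' = x
    if y >= 0:
        return ("loop", None)       # x>0 & y>=0: Loop, ensures false (no exit)
    y0 = y                          # x>0 & y<0: Term[x]
    while x > 0:
        prev = x                    # measure at loop entry, always > 0 here
        x = x + y
        assert x < prev, "ranking function x did not decrease"
    assert y0 < x <= 0, "postcondition y < x' <= 0 violated"
    return ("term", x)


def mccarthy(n, caller_metric=None):
    """McCarthy 91 under the slide-17 case spec. caller_metric is the
    Term[100-n] value of the calling frame, or None for a top-level call."""
    if n > 100:                     # n>100: Term[], ensures res = n-10
        return n - 10
    metric = 100 - n                # n<=100: Term[100-n], ensures res = 91
    assert metric >= 0, "ranking function must be well-founded"
    if caller_metric is not None:
        # a measured frame calling a measured frame must strictly decrease
        assert metric < caller_metric, (n, metric, caller_metric)
    inner = mccarthy(n + 11, metric)    # inner call: 100-(n+11) < 100-n
    res = mccarthy(inner, metric)       # outer call on the inner result
    assert res == 91, "postcondition res = 91 violated"
    return res


if __name__ == "__main__":
    print(tricky_loop(10, -3), tricky_loop(5, 2), mccarthy(50), mccarthy(150))
```

The outer call of mcCarthy is the interesting obligation: its argument is only known after the inner call returns, so the check that 100-inner is below 100-n is exactly what the Term[100-n] spec commits HIP to proving for every n <= 100.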

  18. Further Reading
     • Gherghina, Cristian, Cristina David, Shengchao Qin, and Wei-Ngan Chin. "Structured specifications for better verification of heap-manipulating programs." In FM 2011: Formal Methods, pp. 386–401. Springer Berlin Heidelberg, 2011.
