1 / 16

Automatic Verification of Computer Programs

Automatic Verification of Computer Programs. What is verification. Check correctness of the implementation given the specification Static verification Check correctness without executing the program E.g. static type systems, theorem provers Dynamic verification

leopold
Download Presentation

Automatic Verification of Computer Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automatic Verificationof Computer Programs

  2. What is verification • Check correctness of the implementation given the specification • Static verification • Check correctness without executing the program • E.g. static type systems, theorem provers • Dynamic verification • Check correctness by executing the program • E.g. unit tests, automatic testing • Automatic verification • Push-button verification

  3. How to get the specification • Need machine-readable specification for automatic verification (not just comments) • Different variants: • Eiffel‘s „Design by Contract“ • With new across construct even features quantifiers • .Net 4.0 „Code Contracts“ • Implmeneted contracts as a library • JML „Java Modeling Language“ • Dialect of Java featuring contracts with special comments • Writing expressive specification is difficult

  4. Dynamic Verification • Execute program and check that execution satisfies specification • Manual • Write unit tests (xUnit framework) • Execute program and click around • Automatic • Random testing • Generate random objects • Execute random routines

  5. Random Testing • Select routine under test • Precondition used for input validation • Test is valid if it passes precondition • Postcondition used as test oracle • Test is successful if it passes postcondition • Improvements to random testing by making input selection smarter (e.g. use linear solver)

  6. Random Testing • Create random objects • Call random creation procedure • Call random commands • For arguments, generate random input • Random basic types • Interesting values: Void, (2^31-1), 1, 0, -1, … • Build object pool

  7. Static Verification • Need a model of the programming language • What is the effect of an instruction • Translate program to a mathematical representation • Use an automatic or interactive theorem prover to check that specification is satisfied in every possible execution

  8. Translation to Boogie • make • local • a: ACCOUNT • do • createa.make • end • implementationAPPLICATION.make{ • var temp_1; • entry: • havoc temp_1; • assume(temp_1 != Void)&& • (!Heap[temp_1, $allocated]); • Heap[temp_1, $allocated]:=true; • Heap[temp_1, $type]:= ACCOUNT; • callcreate.ACCOUNT.make(temp_1); • }

  9. Translation to Boogie • Translates AST from EiffelStudio to Boogie • Uses Boogie verifier to check Boogie files • Traces verification errors back to Eiffel source EiffelStudio AutoProof Boogie Eiffel AST Boogie File Eiffel Errors Boogie Errors

  10. Verification Demo • EiffelStudio: AutoTest • EVE: AutoProof • VisualStudio: CodeContracts

  11. Automatic Fault Correction • Build a test suite • E.g through automatic testing • Find and localize faults • Failing test cases • Static analysis • Try fixes • Apply fix templates and random code changes • Validate fixes • Run test suite again, now all tests have to pass

  12. Dynamic Contract Inference • Build a test suite • E.g through automatic testing • Run program and store interesting values in interesting program points • E.g. argument values on feature calls • Post-analyze values and recognize patterns • Propose new contracts based on patterns

  13. Static Contract Inference • Infer precondition from postcondition or other assertions • Weakest precondition calculus • Infer loop invariants from postcondition • Generate mutations from postcondition

  14. Putting It All Together Automatic Fixes Manual Fixes Compiler Automatic Proof Automatic Tests Element Dynamically Verified Automatic Contract Inference Element Statically Verified Manual Proof

  15. Demo • VAMOC video

  16. References • EVE: http://se.inf.ethz.ch/research/eve/ • AutoTest, AutoProof, AutoFix, CITADEL, …: http://se.inf.ethz.ch/research/ • CodeContracts: http://research.microsoft.com/en-us/projects/contracts/ • JML: http://www.cs.ucf.edu/~leavens/JML/

More Related