1 / 22

Automated Verification with HIP and SLEEK

Automated Verification with HIP and SLEEK. Asankhaya Sharma. Recall the List length Example. int length( struct node* p) /*@ requires p::list<n,B> ensures p::list<n,B> & res=n; */ { if(p == NULL) return 0; else return 1 + length(p->next); }. Memory Safety. Length of the List.

kristy
Download Presentation

Automated Verification with HIP and SLEEK

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automated Verification withHIP and SLEEK Asankhaya Sharma

  2. Recall the List length Example int length(struct node* p)/*@requires p::list<n,B>ensures p::list<n,B> & res=n;*/{ if(p == NULL) return 0; else return 1 + length(p->next);} Memory Safety Length of the List Bag of Values

  3. With Inference int length(struct node* p)/*@infer [H,G]requires H(p)ensures G(p);*/{ if(p == NULL) return 0; else return 1 + length(p->next);} Second Order Variables for Unknown Predicates Modular Shape Inference

  4. Relational Assumptions // Post (1) H(p) & x = null => G(p) // Bind (2) H(p) & x != null => x::node<_,q> * HP(q) // Pre-Rec (3) HP(q) => H(p) //Post (4) x::node<_,q> * G(q) => G(p)

  5. Predicate Derivation For Pre Condition H(p) == emp & p = null or p::node<_,q> * H(q) For Post Condition G(p) == emp * p = null or p::node<_,q> * G(q) Linked List Predicate Inferred Automatically

  6. Bi-Abduction 1 42 R3 antecedent consequent residue precondition Compositional shape analysis by means of bi-abduction Calcagno C, Distefano D, O'Hearn P W and Yang H POPL 2009 Achievement : Scalable automated shape analysis!

  7. Incremental Specification Formal specs are important for verification and documentation. Tedious for legacy system and maintenance efforts. Users role to guide inference process Our thesis : Specification can be developed incrementally and when needed.

  8. Inference Example infer [x,Q3] requires x::lln1  y::lln2 ensures x::lln3 & Q3(n1,n2,n3) requires x::lln1  y::lln2 & x  null ensures x::lln3 & n1+n2=n3

  9. Inference Example infer [R] requires x::lln1  y::lln2 & n  null & Term[R(n1, n2)] ensures x::lln3 & n1+n2=n3 requires x::lln1  y::lln2 & n  null & Term[n1] ensures x::lln3 & n1+n2=n3

  10. Selective Entailment [v*] 1 4 2 3 d definitions antecedent residue consequent precondition

  11. Key Principles Selective Inference Inferable Heap Locations Never Inferring False Antecedent Contradiction Unknown Relation/Function Derivation

  12. Selective Inference [x] x::lln  x::node<_,q>  x null q:: lln-1 [n] x::lln  x::node<_,q>  n > 0 q:: lln-1

  13. Selective Inference [x] x::lln  x::node<_,null>  FAIL [n] x::lln  x::node<_,null>  n=1 emp

  14. Inferring Heap Locations Heap state may be inferred x::node<_,null> [x] emp  x::node<_,null>  emp Allows predicates to be inferred Allows cascaded heaps by adding auxiliary variables

  15. Never Inferring False [x] true  x>x  FAIL [x] true  x::node<_,_>  x::node<_,_>  FAIL

  16. Antecedent Contradiction What if contradiction detected between 1 and 2 ? [v*] 1 2 Add pre over v* to support contradicted antecedent.

  17. Antecedent Contradiction [b] x=1 & b>0  x=2  b0 false [x] x=null  x::node<_,q>  x  null false

  18. Selective Inference [Q] x::node(_,y)  y::lln2  & n1=1 x::lln3  & Q(n1 ,n2, n3) n1=1 & n3= n2+1 Q(n1,n2,n3) [Q] x::node(_,y)  y::lln2  & Q(n1-1,n2,n3) x::lln3  & Q(n1 ,n2, n3) n3= n2+1 & n1>0 & Q(n1-1,n2,n3) Q(n1,n2,n3)

  19. FixPoint Calculation n1=1 & n3= n2+1Q(n1,n2,n3) n3= n2+1 & n1>0 & Q(n1-1,n2,n3) Q(n1,n2,n3) n1>0 & n2 0 & n3= n2+ n2 Q(n1,n2,n3)

  20. Inferring Heap Locations Auxiliary variables may be added [x] emp  x::node<_,q>  q::node<_,null>  x::node<_,x1> & x1=q [x,x1] emp  x::node<_,q>  q::node<_,null>  x::node<_,x1>  x1::node<_,null> & x1=q [x, x1] emp  x::node<_,q>  q::node<_,null> 

  21. Inferring Unknown Relations Two kinds of relationships inferred Relational Obligation: R(..) c Relational Definition: R(..) & c R(…)

  22. Further Reading • Trinh, Minh-Thai, Quang Loc Le, Cristina David, and Wei-Ngan Chin. "Bi-Abduction with Pure Properties for Specification Inference." In Programming Languages and Systems, pp. 107-123. Springer International Publishing, 2013.

More Related