Abstraction, Verification - PowerPoint PPT Presentation

About This Presentation

Title:

Abstraction, Verification

Description:

Abstraction, Verification & Refinement Samik Basu Dept. of Computer Science, ISU What is Model Checking Model Checking (Design level) Generate a model describing the ... – PowerPoint PPT presentation

Number of Views:141

Avg rating:3.0/5.0

Slides: 34

Provided by: ias105

Learn more at: http://class.ece.iastate.edu

Category:

more less

Transcript and Presenter's Notes

Title: Abstraction, Verification

1
Abstraction, Verification Refinement

Samik Basu
Dept. of Computer Science, ISU

2
What is Model Checking

Model Checking (Design level)
Generate a model describing the behavior (M)
Essentially a graph
Identify the desired properties (?)
Automatically verify (M ² ?)
Graph-traversal

3
Model Checking Source Code

Why?
Difficult Programs are more complex
Variables, conditionals, recursion

4
Acknowledgement

Abstraction-based techniques
Blast (Berkeley),
Slam (MS),
CEGAR (CMU),
FocusCheck (SBU, ISU)

5
Safety Property

Bad things never happen
Typical Bad things valuations of variables

6
Question?

Is there a path in the program that leads to
satisfaction of Bad?
Counter-Example

7
Example
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4 while(new ! old) 5 unlock ()
return
8
What is a Program-Graph?
State
Transition
3 unlock() new 4
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4 while(new ! old) 5 unlock ()
return
9
What is infinite about programs?

Program state
Control Location finite
Variable value infinite
Question Prove that for all possible values of
variables, the program
behaves
correctly

10
Abstraction

Over-approximation
Remove details and partition states
Graph over partitions finite and manageable M
M contains all behavior of M and more
M ² ? ) M ² ? where ? Bad

11
Data Abstraction
, -2, 0, 2, 4,
xint
, -3, -1, 1, 3,
, -3, -2, -1
yint
0
1, 2, 3,
12
Abstract Program
Abstract Data domain
Code
int x 0 if (x 0) x x 1
Abstract the data domain Abstract the Program
behavior
13
Abstraction leads to Over-approximation
I
M
I
M
14
Abstraction leads to Over-approximation
I
M gt M, M ² ? implies M ² ?
No False Positives Problem Spurious
Counter-Examples
M
I
M
15
Predicate Abstraction

Look at characteristic of data NOT its exact
valuation
Predicate Abstraction
Relationship between variables and constants

16
Spurious Counter-Example
I
M
I
M
17
Spurious Counter-Example
I
M
I
M
18
Break it up and Start over
I
M
I
M
19
Summary

Abstract
Model Check
Refine if needed
Loop-back
Blast, Slam (CFG), FocusCheck (PDS)

20
Build-and-Search
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
1
Reachability Tree
21
Build-and-Search
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
lock() old new qq-gtnext
2
LOCK
1
2
Reachability Tree
22
Build-and-Search
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK
q!NULL
3
LOCK
1
2
3
Reachability Tree
23
Build-and-Search
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK
3
LOCK
q-gtdata new unlock() new
4
LOCK
4
1
2
3
Reachability Tree
24
Build-and-Search
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK
3
LOCK
4
LOCK
newold
5
5
LOCK
4
1
2
3
Reachability Tree
25
Build-and-Search
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK
3
LOCK
4
LOCK
5
5
LOCK
4
unlock()
1
2
3
LOCK
Reachability Tree
26
Analyze Counterexample
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
lock() old new qq-gtnext
2
LOCK
q!NULL
3
LOCK
q-gtdata new unlock() new
4
LOCK
newold
5
5
LOCK
4
unlock()
1
2
3
LOCK
Reachability Tree
27
Analyze Counterexample
Predicates LOCK
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
old new
2
LOCK
3
LOCK
new
4
LOCK
newold
5
5
LOCK
4
Inconsistent
1
2
3
LOCK
new old
Reachability Tree
28
Repeat Build-and-Search
Predicates LOCK, newold
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
1
Reachability Tree
29
Repeat Build-and-Search
Predicates LOCK, newold
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
lock() old new qq-gtnext
2
LOCK , newold
1
2
Reachability Tree
30
Repeat Build-and-Search
Predicates LOCK, newold
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK , newold
3
LOCK , newold
q-gtdata new unlock() new
4
LOCK , new old
4
1
2
3
Reachability Tree
31
Repeat Build-and-Search
Predicates LOCK, newold
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK , newold
3
LOCK , newold
4
LOCK , new old
newold
4
1
2
3
Reachability Tree
32
Repeat Build-and-Search
Predicates LOCK, newold
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK , newold
3
LOCK , newold
4
LOCK , new old
new!old
1
4
4
LOCK, new old
1
2
3
Reachability Tree
33
Repeat Build-and-Search
Predicates LOCK, newold
Example ( ) 1 do lock() old
new q q-gtnext 2 if (q ! NULL) 3
q-gtdata new unlock() new
4while(new ! old) 5 unlock ()
1
LOCK
2
LOCK , newold
SAFE
3
LOCK , newold
4
4
LOCK , newold
LOCK , new old
5
1
5
4
4
4
LOCK, new old
1
2
3
LOCK , newold
Reachability Tree

Write a Comment

User Comments (0)