Putting Numerical Abstract Domain to Work: A Study of Array-Bound Checking for C Programs (by Arnaud J. Venet, slides):
1. Review of Abstract Interpretation using Polyhedra abstract domain;
My Question: what is the difference between polyhedron intersecting and the narrowing operator?
2. Gauge domain: modified interval domain to help scale the operations within loops (specifically, widening and convex-hull operations);
3. He uses New Polka library and XXX's fixed-point algorithm:
a. Issue: Program Crashed for widening operations: too many dimensions (i.e. program variables). Solution: eliminate unimportant variables;
b. Issue: still crashed. Solution: directly propagate unchanged constraints rather than calculate again and again. Solved.
Verified Programming in VCC (by Ernie Cohen, slides):
1. VCC is heavily based on ghost data, which costs zero executing time;
2. There is no invariant check when VCC applies the owning operation on objects;
3. Verification on concurrent programs: lock-free; lock is container.
Program Verification and Synthesis as Horn-like Constraint Solving (by Andrey Rybalchenko):
1. verification using temporal logic (especially CTL);
2. Doing abstract interpretation using horn-like constraint solving strategy (using Interpolant).
Lab (by Ernie Cohen):
1. Write you own binary search program in C;
2. Use VCC (either in Visual Studio or with online version (http://rise4fun.com/Vcc)) to verify the code;
3. VCC code you need to write: function-level (pre-condition using requires; post-condition using ensures; terminating using decreases), loop-level (invariant specification).
4. My original code has 27 bugs, all of which are related to overflow. After fixing it for one hour, I get it bug-free under VCC verification.
Friday, May 24, 2013
Day IV: Summer School on Formal Techniques
Automatic Deduction Applied: Program Synthesis and Question Answering (by Richard Waldinger, slides):
1. Program Synthesis: extracting programs from proofs;
2. History on Automatic Deduction:
a. McCarthy's advice taker;
b. Slagle's deducum;
c. Amphion system used in planetary astronomy;
3. Question in natural language and based on deduction rather than statistical search (on which IBM Watson applies)
Program Verification and Synthesis as Horn-like Constraint Solving (by Andrey Rybalchenko, slides):
1. Summarization vs. Invariance :
a. For the case with procedure invocations;
b. Owicki / Gries Proof Rule;
c. Rely / Guarantee Proof Rule;
2. Type System in Programming Languages:
a. Well-typed programs can never go wrong;
b. Type Tree vs. Refinement Tree (PVS-friendly specification).
Exercise proposed by Shankar: use PVS to write the specification for 2b, and submit to him.
Static and Dynamic Analysis of Concurrent Programs (by Aarti Gupta, slides):
1. Context Bounded Analysis using Sequentialization;
2. Dynamic Analysis:
a. Preemptive Context Bounding;
b. Trace Based Verification;
c. Predicative Analysis;
3. Garbage Collection in C++11;
4. SMT-Based symbolic search:
a. based on Concurrent Static Single Assignment (CSSA) encoding;
b. Modular Analysis.
Lab (by Andrey Rybalchenko):
ARMC: http://www7.in.tum.de/~rybal/
My Comment: it can be easily screwed up writing a much longer horn-like constraint verification code, even for just 20 lines of source code with inter-procedure calls. Is there any related work or possibility to generate these constraints automatically?
Prof. from CAS commented: Horn Clause was under warm studying and researching during 1980s. Then people came to obstacles and put it on the shelf for a long time. Recently it returns to alive. Deepak has done a bunch of elegant stuffs, including Ideal Generation, etc.
PPT Karaoke for fun tonight.
1. Program Synthesis: extracting programs from proofs;
2. History on Automatic Deduction:
a. McCarthy's advice taker;
b. Slagle's deducum;
c. Amphion system used in planetary astronomy;
3. Question in natural language and based on deduction rather than statistical search (on which IBM Watson applies)
Program Verification and Synthesis as Horn-like Constraint Solving (by Andrey Rybalchenko, slides):
1. Summarization vs. Invariance :
a. For the case with procedure invocations;
b. Owicki / Gries Proof Rule;
c. Rely / Guarantee Proof Rule;
2. Type System in Programming Languages:
a. Well-typed programs can never go wrong;
b. Type Tree vs. Refinement Tree (PVS-friendly specification).
Exercise proposed by Shankar: use PVS to write the specification for 2b, and submit to him.
Static and Dynamic Analysis of Concurrent Programs (by Aarti Gupta, slides):
1. Context Bounded Analysis using Sequentialization;
2. Dynamic Analysis:
a. Preemptive Context Bounding;
b. Trace Based Verification;
c. Predicative Analysis;
3. Garbage Collection in C++11;
4. SMT-Based symbolic search:
a. based on Concurrent Static Single Assignment (CSSA) encoding;
b. Modular Analysis.
Lab (by Andrey Rybalchenko):
ARMC: http://www7.in.tum.de/~rybal/
My Comment: it can be easily screwed up writing a much longer horn-like constraint verification code, even for just 20 lines of source code with inter-procedure calls. Is there any related work or possibility to generate these constraints automatically?
Prof. from CAS commented: Horn Clause was under warm studying and researching during 1980s. Then people came to obstacles and put it on the shelf for a long time. Recently it returns to alive. Deepak has done a bunch of elegant stuffs, including Ideal Generation, etc.
PPT Karaoke for fun tonight.
Day III: Summer School on Formal Techniques
Speaking Logic (by N. Shankar, slides):
1. Unification;
2. Resolution (Negation -> Prenexation -> Skolemization -> Distribution and Isolation -> Universal Quantifier Elimination -> Q.E.D.)
Static and Dynamic Verification on Concurrent Programs (by Aarti Gupta, slides)
Verified Programming in VCC (by Ernie Cohen, slides):
1. "Programming Pearls" Chapter -- How to verify Binary Search;
2. Separation Logic;
3. Positive Polarity;
4. Linearly Isolability.
Lab (Aarti Gupta, instructions):
Active Testing: CalFuzzer http://sp09.pbworks.com/w/page/6721195/FrontPage
http://srl.cs.berkeley.edu/~ksen/calfuzzer/
Homework: http://sp09.pbworks.com/w/page/6721216/RaceFuzzer%20Homework
Student Presentation:
1. Anvesh Komuravelli, "Abstraction in SMT-based Model Checking".
a. Predicate Abstraction;
b. SLAM, BLAST, SDV; IMPACT, UFO;
c. Over-approximation Driven; Under-approximation Driven;
d. His approach is a little bit like widening operator in Abstract Interpretation. The difference is that it can approximate with respect to the counterexample, which is the feature of Model Checking (Dynamic Analysis);
e. Using UZ SMT Solver.
2. Sridhar Duggirala, "Annotations for Verification of Dynamical and Hybrid Systems".
1. Unification;
2. Resolution (Negation -> Prenexation -> Skolemization -> Distribution and Isolation -> Universal Quantifier Elimination -> Q.E.D.)
Static and Dynamic Verification on Concurrent Programs (by Aarti Gupta, slides)
Verified Programming in VCC (by Ernie Cohen, slides):
1. "Programming Pearls" Chapter -- How to verify Binary Search;
2. Separation Logic;
3. Positive Polarity;
4. Linearly Isolability.
Lab (Aarti Gupta, instructions):
Active Testing: CalFuzzer http://sp09.pbworks.com/w/page/6721195/FrontPage
http://srl.cs.berkeley.edu/~ksen/calfuzzer/
Homework: http://sp09.pbworks.com/w/page/6721216/RaceFuzzer%20Homework
Student Presentation:
1. Anvesh Komuravelli, "Abstraction in SMT-based Model Checking".
a. Predicate Abstraction;
b. SLAM, BLAST, SDV; IMPACT, UFO;
c. Over-approximation Driven; Under-approximation Driven;
d. His approach is a little bit like widening operator in Abstract Interpretation. The difference is that it can approximate with respect to the counterexample, which is the feature of Model Checking (Dynamic Analysis);
e. Using UZ SMT Solver.
2. Sridhar Duggirala, "Annotations for Verification of Dynamical and Hybrid Systems".
Tuesday, May 21, 2013
Day II: Summer School on Formal Techniques
Speaking Logic (by N. Shankar, slides):
1. Sequant Calculus (contd.) -- Cut rule;
2. Peirce's Formula: ((p⇒q)⇒p)⇒p;
3. Concepts of derivied rule and admissible rule;
4. How to prove ∃x.(p(x)⇒∀y.p(y));
5. Prenex Normal Form.
PVS (by C. Munoz, lecture 2):
1. Proof by Induction (proving strategy; can go around by making use of data type specifications);
2. Recursion specification.
Decision Methods on Arithmetic (by L. de Moura, slides and materials):
1. Multivariate case: recursive representation of multivariate polynomials (with some order on variables);
2. Sturm Tree -- Case analysis based on Sturm's sequence and Tarski query;
3. Leonardo's method is built in the Z3 theorem prover.
Discussion with Leonardo de Moura:
For the proof of Sturm's Theorem, most proofs only consider the case that hm is a constant polynomial. However, though rarely, there can be the case that hm is a non-constant polynomial. In the latter case, we need to divide each polynomial in the Sturm Sequence by hm and show that the resulting sequence ^hi is still a sequence of polynomials. Further, to prove that the only point that decreases the total sign change number is the real root of f, we need to discuss by case analysis on the sign of ^h1 using the property of even and odd functions.
PVS Lab Session (instructions, homework):
1. PVS examples in PVSLab directory provided by Munoz;
2. PVS 6.0 with NASALib installed (http://shemesh.larc.nasa.gov/fm/ftp/larc/PVS-library/);
3. discussion with students: the online textbook named "Software Foundations" by Benjamin C. Pierce (http://www.cis.upenn.edu/~bcpierce/sf/).
Student Presentation:
1. Martin Schäf, Joogie: Infeasible Code Detection on Java bytecode.
a. https://code.google.com/p/joogie/ ;
b. Uses Soot (Java Optimization Framework), Wala (static analyzer on Java and JavaScript), and Z3 Theorem Prover;
c. Based on Weakest Liberal Precondition rather than Weakest Precondition, i.e. only consider partial correctness;
d. Can outperform the static code checker in Eclipse;
e. Can have issues on false positive cases;
f. He is a postdoc at United Nations University -- International Institute for Software Technology at Macau, China.
2. Etienne Kneuss, "Leon Verification and Synthesis":
a. Using Scala;
b. Writing specifications on data structures and functions, then the system will search in the library to synthesize the reified code;
c. Purely functional style syntax defined by them;
d. Issues: due to the functional syntax, many real-world data structures like Doubly-Linked List cannot be specified; besides, High-order is not possible to be combined in.
1. Sequant Calculus (contd.) -- Cut rule;
2. Peirce's Formula: ((p⇒q)⇒p)⇒p;
3. Concepts of derivied rule and admissible rule;
4. How to prove ∃x.(p(x)⇒∀y.p(y));
5. Prenex Normal Form.
PVS (by C. Munoz, lecture 2):
1. Proof by Induction (proving strategy; can go around by making use of data type specifications);
2. Recursion specification.
Decision Methods on Arithmetic (by L. de Moura, slides and materials):
1. Multivariate case: recursive representation of multivariate polynomials (with some order on variables);
2. Sturm Tree -- Case analysis based on Sturm's sequence and Tarski query;
3. Leonardo's method is built in the Z3 theorem prover.
Discussion with Leonardo de Moura:
For the proof of Sturm's Theorem, most proofs only consider the case that hm is a constant polynomial. However, though rarely, there can be the case that hm is a non-constant polynomial. In the latter case, we need to divide each polynomial in the Sturm Sequence by hm and show that the resulting sequence ^hi is still a sequence of polynomials. Further, to prove that the only point that decreases the total sign change number is the real root of f, we need to discuss by case analysis on the sign of ^h1 using the property of even and odd functions.
PVS Lab Session (instructions, homework):
1. PVS examples in PVSLab directory provided by Munoz;
2. PVS 6.0 with NASALib installed (http://shemesh.larc.nasa.gov/fm/ftp/larc/PVS-library/);
3. discussion with students: the online textbook named "Software Foundations" by Benjamin C. Pierce (http://www.cis.upenn.edu/~bcpierce/sf/).
Student Presentation:
1. Martin Schäf, Joogie: Infeasible Code Detection on Java bytecode.
a. https://code.google.com/p/joogie/ ;
b. Uses Soot (Java Optimization Framework), Wala (static analyzer on Java and JavaScript), and Z3 Theorem Prover;
c. Based on Weakest Liberal Precondition rather than Weakest Precondition, i.e. only consider partial correctness;
d. Can outperform the static code checker in Eclipse;
e. Can have issues on false positive cases;
f. He is a postdoc at United Nations University -- International Institute for Software Technology at Macau, China.
2. Etienne Kneuss, "Leon Verification and Synthesis":
a. Using Scala;
b. Writing specifications on data structures and functions, then the system will search in the library to synthesize the reified code;
c. Purely functional style syntax defined by them;
d. Issues: due to the functional syntax, many real-world data structures like Doubly-Linked List cannot be specified; besides, High-order is not possible to be combined in.
Monday, May 20, 2013
Day I: SRI Summer School on Formal Methods
Speaking Logic (by Natarajan Shankar, slides here):
1. How logic formalization can be used to address ruddles;
2. Couturant, "Algebra of Logic";
3. Substitution Lemma in propositional logic;
4. Sequant Calculus.
PVS (by Cesar Munoz, lecture 0, lecture 1):
1. TCAS alerting logic;
Decision Methods for Arithmetic (by Leonardo de Moura, slides and materials):
1. Fourier-Motzkin Elimination Method;
2. Sturm's Sequence;
3. Sturm-Tarski Theorem;
4. Tarski Query;
5. Formal statement in univariate case.
Lab Session on Arithmetic Decision Methods (assignment):
1. Tutorials on Z3: http://z3.codeplex.com/documentation ;
http://stackoverflow.com/users/2327608/juan-ospina?tab=questions&sort=activity ;
2. Prove Sturm's Theorem;
3. Implement polynomial operations (+, *, /, etc.); Implement Sturm Sequence generating method; implement Tarski Query. Note: All only in univariate cases.
Student Talks:
1. Konstantin Korovin, Nestan Tsiskaridze, and Andrei Voronkov, Conflict Resolution:
a. Used for solving linear (in)equality systems [satisfiability] on integer, real and rational fields;
b. Based on Fourier-Motzkin Elimination;
c. Main Method: 1) Assignment Refinement; 2) Constraint Generation based on Conflict;
d. Drastically reduce the number of redundant constraints generated, i.e. better than Fourier-Motzkin Elimination, comparable to Simplex Method;
e. Heuristics on choosing conflicting constraints: mini-lower, max-upper; or longest geometric distance;
f. Easy to switch to incremental version;
g. Suitable for combining with SMT solver;
h. Future Work: combine with SMT solver; implement a better preprocessor.
2. Gidon Ernst, et al. "A Formal Model of a Virtual Filesystem Switch":
a. https://swt.informatik.uni-augsburg.de/swt/projects/ ;
b. Implement a simulation on the very top level, the core part (i.e. the part dealing with flash disks) is still under developing;
c. Specification written in PVS, implementation in Scala.
1. How logic formalization can be used to address ruddles;
2. Couturant, "Algebra of Logic";
3. Substitution Lemma in propositional logic;
4. Sequant Calculus.
PVS (by Cesar Munoz, lecture 0, lecture 1):
1. TCAS alerting logic;
Decision Methods for Arithmetic (by Leonardo de Moura, slides and materials):
1. Fourier-Motzkin Elimination Method;
2. Sturm's Sequence;
3. Sturm-Tarski Theorem;
4. Tarski Query;
5. Formal statement in univariate case.
Lab Session on Arithmetic Decision Methods (assignment):
1. Tutorials on Z3: http://z3.codeplex.com/documentation ;
http://stackoverflow.com/users/2327608/juan-ospina?tab=questions&sort=activity ;
2. Prove Sturm's Theorem;
3. Implement polynomial operations (+, *, /, etc.); Implement Sturm Sequence generating method; implement Tarski Query. Note: All only in univariate cases.
Student Talks:
1. Konstantin Korovin, Nestan Tsiskaridze, and Andrei Voronkov, Conflict Resolution:
a. Used for solving linear (in)equality systems [satisfiability] on integer, real and rational fields;
b. Based on Fourier-Motzkin Elimination;
c. Main Method: 1) Assignment Refinement; 2) Constraint Generation based on Conflict;
d. Drastically reduce the number of redundant constraints generated, i.e. better than Fourier-Motzkin Elimination, comparable to Simplex Method;
e. Heuristics on choosing conflicting constraints: mini-lower, max-upper; or longest geometric distance;
f. Easy to switch to incremental version;
g. Suitable for combining with SMT solver;
h. Future Work: combine with SMT solver; implement a better preprocessor.
2. Gidon Ernst, et al. "A Formal Model of a Virtual Filesystem Switch":
a. https://swt.informatik.uni-augsburg.de/swt/projects/ ;
b. Implement a simulation on the very top level, the core part (i.e. the part dealing with flash disks) is still under developing;
c. Specification written in PVS, implementation in Scala.
Subscribe to:
Posts (Atom)