Program Verification: Theory and Practice Sriram K. Rajamani Microsoft Research India (with thanks...

Program Verification: Theory and Practice

Sriram K. RajamaniMicrosoft Research India

(with thanks to Tom Ball for material from his course)

Organization

• Instructors– Deepak D’Souza, IISc– Aditya Nori, MSR India– Sriram K. Rajamani, MSR India

• Teaching Assistant– Madhu Gopinathan, IISc

PROBLEM

Software validation problem

Does the software work?

Software validation problem

Does the software work?

I hope it doesn’t crash!

I hope it still interoperates with my other software in the same way as the previous

version!

I hope some hacker cannot steal all my

money, and publish all my email on the web

I hope it can handle my peak

transaction load

How do we do software validation?

Testing:

• The “old-fashioned” way

• Run it and see if it works

• Fix it if it doesn’t work

• Ship it if it doesn’t crash!

What is wrong with testing?

Program Verification

The algorithmic discovery of properties of a program by inspection of the source text

- Manna and Pnueli, “Algorithmic Verification”

Also known as: static analysis, static program analysis, formal methods,….

Difficulty of program verification

• What will you prove?– Specification of a complex software is as

complex as the software itself

• “Deep” specifications of software are hard to prove– State-of-art in tools and automation not good

enough

Elusive triangle

Large programs

Deep properties Automation

We will let go of this one!

void Foo( int * ptr, int const * ptrToConst, int * const constPtr, int const * const constPtrToConst ) {

*ptr = 0; ptr = 0;

*ptrToConst = 0; ptrToConst = 0;

*constPtr = 0; constPtr = 0;

*constPtrToConst = 0; constPtrToConst = 0; }

void Foo( int * ptr, int const * ptrToConst, int * const constPtr, int const * const constPtrToConst ) {

*ptr = 0; // OK: modifies the pointee ptr = 0; // OK: modifies the pointer

*ptrToConst = 0; // Error! Cannot modify the pointee ptrToConst = 0; // OK: modifies the pointer

*constPtr = 0; // OK: modifies the pointee constPtr = 0; // Error! Cannot modify the pointer

*constPtrToConst = 0; // Error! Cannot modify the pointee constPtrToConst = 0; // Error! Cannot modify the pointer }

http://en.wikipedia.org/wiki/Microsoft_Platform_SDK

http://www.microsoft.com/whdc/devtools/tools/sdv.mspx

http://www.gotdotnet.com/team/fxcop/

http://research.microsoft.com/specsharp/

Worse is better, also called the New Jersey style, is the name of a computer software design approach (or design philosophy) in which simplicity of both interface and implementation is more important than any other system attribute (including correctness, consistency, and completeness).

http://en.wikipedia.org/wiki/Worse_is_Better

http://en.wikipedia.org/wiki/Robert_Tappan_Morris

unreachable

States

reachable

unsafe

Reading assignment…

• Read “Findbugs” paper

http://portal.acm.org/citation.cfm?doid=1108792.1108798

• Read “Java Bytecode Verification” paperhttp://Gallium.inria.fr/~xleroy/publi/survey-

bytecode-verification.ps.gz

Program Verification: Theory and Practice Sriram K. Rajamani Microsoft Research India (with thanks...

Documents

Transcript of Program Verification: Theory and Practice Sriram K. Rajamani Microsoft Research India (with thanks...

AProvablyCorrectSamplerforProbabilistic Programs...Chung-Kil Hur1, Aditya V. Nori 2, Sriram K. Rajamani , and Selva Samuel3 1Seoul National University, South Korea gil.hur@sf.snu.ac.kr

Zing: Exploiting Program Structure for Model Checking Concurrent Software Tony Andrews Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research Yichen.

Merlin: Inferring Specifications for Explicit Information Flow Problems Ben Livshits Aditya Nori Sriram Rajamani Anindya Banerjee.

The Yogi Project Software property checking via static analysis and testing Aditya V. Nori, Sriram K. Rajamani, Sai Deep Tetali, Aditya V. Thakur Microsoft.

Secrets of Software Model Checking Thomas Ball Sriram K. Rajamani Software Productivity Tools Microsoft Research

AProvablyCorrectSamplerforProbabilistic Programs · 2017. 2. 12. · AProvablyCorrectSamplerforProbabilistic Programs Chung-Kil Hur1, Aditya V. Nori 2, Sriram K. Rajamani , and Selva

Boolean Programs: A Model and Process For Software Analysis By Thomas Ball and Sriram K. Rajamani Microsoft…

Copyright © 1998, by the author(s). All rights reserved ... · Rajeev Alur^ Thomas A. Henzinger^ Sriram K. Rajamani^ Abstract In formal design verification, successful model checking

Rajamani Full

Program Analyses for Cloud Computationsweb.cs.ucla.edu/~todd/theses/tetali_dissertation.pdf · 2015. 12. 15. · Patrice Godefroid, Aditya V. Nori, Sriram K. Rajamani and Sai Deep

SLAM internals Sriram K. Rajamani Rigorous Software Engineering Microsoft Research, India.

The SLAM Project: Debugging System Software via Static Analysis Thomas Ball Sriram K. Rajamani Microsoft Research

AProvablyCorrectSamplerforProbabilistic Programs · 2018. 1. 4. · AProvablyCorrectSamplerforProbabilistic Programs Chung-Kil Hur1, Aditya V. Nori 2, Sriram K. Rajamani , and Selva

Thomas Ball Sriram K. Rajamani

Embedded Software Verification Challenges and Solutions · 2015. 8. 19. · Automatic abstraction refinement! [Kurshan et al. ’93] [Ball, Rajamani ’00] 115 [Clarke et al. ’00]

Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani Presented by Yifan Li (yl2774@columbia.edu) November 22nd In PLDI 01: Programming Language.

Automating Software Testing Using Program Analysis -Patrice Godefroid, Peli de Halleux, Aditya V. Nori, Sriram K. Rajamani,Wolfram Schulte, and Nikolai.

Rule Checking SLAM Checking Temporal Properties of Software with Boolean Programs Thomas Ball, Sriram K. Rajamani Microsoft Research Presented by Okan.

Sriram Subramanian - Semantic Scholar · Subramanian, Sriram Tangible Interfaces for Volume Navigation / by Sriram Subramanian. - Eindhoven: ... physical desktop, ...

Aditya V. Nori, Sriram K. Rajamani Microsoft Research India.