DISTRIBUTED SYSTEMS RESEARCH GROUP http://dsrg.mff.cuni.cz Automated Verification of Software thesis progress report Ondřej Šerý Advisor: František Plášil

Post on 11-Jan-2016



Problem statement

Problem:

“Slow adoption of automated software verification in industry”


Thesis: Automated Software Verification

Problem: “Slow adoption of automated software verification in industry”

• Scaling
• Low user-friendliness of the tools
  Usually no GUI, LTL properties, hard-to-master specification languages
• Hard to assess and choose a particular tool
  No general set of tests/benchmarks
  No competition (like SAT-COMP and SMT-COMP)
  Few (successful) case studies
• Missing methodology
  How to apply the techniques in the SW development cycle?
• Appropriate education missing
  Trend to decrease the amount of math and logic in CS education
  Few special lectures devoted to this problem
  No comprehensive textbook on code model checking and deductive verification

Goal
• Comprehensive summary of the field: Code Model Checking + Deductive Verification
• Inclusion of 3-4 related (co)authored papers [1][2][3][4]

Cunning plan: reuse some of the text in a NSWI132 textbook… some day…


Outline

1 Introduction
2 State-of-the-art
  2.1 Code Model Checking
  2.2 Explicit State Code Model Checking
  2.3 Abstraction Based Code Model Checking
  2.4 Mixed Approaches
  2.5 Deductive Verification
  2.6 Other techniques
  2.7 Case Studies
3 Collection of Papers
4 Evaluation
5 Future Work
6 Conclusion
References


Explicit State Code Model Checking

Key idea: Explicit representation of the program state

Tools: Java PathFinder, MoonWalker, CMC, Zing, dSPIN

Topics:
• Basics
• State Storage and Matching
  • Collapsing Full States
  • State Symmetries
  • Incremental Heap Canonicalization
• State Space Reductions
  • Partial Order Reduction
  • Summaries
  • Symbolic Execution


Abstraction Based Code Model Checking

Key idea: Predicate abstraction, counter-example guided abstraction refinement

Tools: SLAM, BLAST, SATABS, CBMC

Topics:
• Basics
• Lazy Abstraction
• Local Predicates
• Lazy Shape Abstraction
• Specification Languages
• Termination


Mixed Approaches

Key idea: Mixing explicit state and abstraction based model checking

Topics:
• Synergy (YOGI)
• Predicate Abstraction with Under-Approximation Refinement
• Dynamic Precision Adjustment (BLAST)
• Dynamic Analysis (PEX, CHESS)


Deductive Verification

Key ideas: Based on Hoare reasoning; heavy use of automated provers

Tools:
• Java: JML
• .NET: Spec#, Code Contracts
• C: ACSL (Frama-C), VCC

Topics:
• Basics
• Heap
• Concurrency and Ownership
• Object Protocols


Collection of Papers

[1] Kofron, J., Parizek, P., Sery, O.: On Teaching Formal Methods: Behavior Models and Code Analysis. Accepted for publication in Proceedings of the 2nd International FME Conference on Teaching Formal Methods (TFM 2009), LNCS 5846, Nov 2009

[2] Kebrt, M., Sery, O.: UnitCheck: Unit Testing and Model Checking Combined. Accepted for publication in Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis (ATVA'09), LNCS, Oct 2009

[3] Kolb, E., Sery, O., Weiss, R.: Applicability of the BLAST Model Checker: An Industrial Case Study. Accepted for publication in Post-proceedings of PSI'09, LNCS, Apr 2009 [best PC score award]

[4] Sery, O.: Enhanced Property Specification and Verification in BLAST. In Proceedings of FASE 2009, LNCS 5503, pp. 456-469, York, UK, Mar 2009

[5] Kofron, J., Poch, T., Sery, O.: Making Components Fit: SPINing. In Proceedings of the 32nd Software Engineering Workshop, IEEE, ISBN 978-0-7695-3617-0, pp. 65-74, Greece, Jan 2009

[6] Kofron, J., Plasil, F., Sery, O.: Modes in Component Behavior Specification via EBP and Their Application in Product Lines. Information and Software Technology 51/1, pp. 31-41, Elsevier, Jan 2009

[7] Kofron, J., Poch, T., Sery, O.: TBP: Code-Oriented Component Behavior Specification. In Proceedings of the 32nd Software Engineering Workshop, IEEE, ISBN 978-0-7695-3617-0, pp. 75-83, Greece, Jan 2009

[8] Bulej, L., Bures, T., Coupaye, T., Decky, M., Jezek, P., Parizek, P., Plasil, F., Poch, T., Rivierre, N., Sery, O., Tuma, P.: CoCoME in Fractal. Chapter in The Common Component Modeling Example: Comparing Software Component Models, Springer-Verlag, LNCS 5153, Aug 2008

[9] Bures, T., Decky, M., Hnetynka, P., Kofron, J., Parizek, P., Plasil, F., Poch, T., Sery, O., Tuma, P.: CoCoME in SOFA. Chapter in The Common Component Modeling Example: Comparing Software Component Models, Springer-Verlag, LNCS 5153, Aug 2008

[10] Sery, O., Plasil, F.: Slicing of Component Behavior Specification with Respect to Their Composition. In Proceedings of the 10th International ACM SIGSOFT Symposium on Component-Based Software Engineering (CBSE 2007), LNCS 4608, Jul 2007

…


Enhanced Property Specification and Verification in BLAST


Šerý, O., FASE 2009, York (UK)


Ondřej Šerý, DSRG Seminar, 5th March 2008

Blast spec. language

Specification (BLAST specification language):

    global int locked = 0;

    event {
        pattern { lock(); }
        guard { locked == 0 }
        action { locked = 1; }
    }

    event {
        pattern { unlock(); }
        guard { locked == 1 }
        action { locked = 0; }
    }

Input C code:

    int a = 3;

    void f() {
        lock();
        a++;
        unlock();
    }

Instrumented C code (the specification is woven into the program: each guard becomes a check that fails with assert(0), and each action becomes a state update placed just before the matched call):

    int locked = 0;
    int a = 3;

    void f() {
        if (!(locked == 0)) {
            assert(0);
        }
        locked = 1;
        lock();
        a++;
        if (!(locked == 1)) {
            assert(0);
        }
        locked = 0;
        unlock();
    }

Slide annotations: "Predicates to be found & tracked" (the guard conditions such as locked == 0 and locked == 1) and "theorem prover calls" (at the inserted checks).
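The weaving step the slide illustrates, as an added example that is not BLAST's own code: it takes a constructed spec in the style of the BLAST specification language (the slide's lock/unlock events) and the slide's f(), emits the instrumented C, and lists the guards as the predicates the checker will have to track. The line-based pattern matching is a simplification assumed for the example.

```python
# Added example, not part of the BLAST tool: weaving a spec (in the style of
# the BLAST specification language on the slide) into C source. Matching is
# deliberately simple: a pattern matches a whole source line.

SPEC_GLOBALS = "int locked = 0;"   # the spec's "global int locked = 0;"
SPEC_EVENTS = [
    # pattern: call to match; guard: must hold when the call is reached;
    # action: state update performed just before the matched call.
    {"pattern": "lock();",   "guard": "locked == 0", "action": "locked = 1;"},
    {"pattern": "unlock();", "guard": "locked == 1", "action": "locked = 0;"},
]

# Constructed input: the f() from the slide.
C_SOURCE = """\
int a = 3;

void f() {
    lock();
    a++;
    unlock();
}
"""


def instrument(c_source, globals_decl, events):
    """Return C source in which every matched call is preceded by the event's
    guard check (violation -> assert(0)) and then by the event's action."""
    out = [globals_decl]
    for line in c_source.splitlines():
        stripped = line.strip()
        indent = line[: len(line) - len(line.lstrip())]
        for ev in events:
            if stripped == ev["pattern"]:
                out.append(f"{indent}if (!({ev['guard']})) {{")
                out.append(f"{indent}    assert(0);")
                out.append(f"{indent}}}")
                out.append(f"{indent}{ev['action']}")
                break
        out.append(line)
    return "\n".join(out) + "\n"


def tracked_predicates(events):
    """The guard conditions are the predicates BLAST must find and track."""
    return sorted({ev["guard"] for ev in events})


if __name__ == "__main__":
    print(instrument(C_SOURCE, SPEC_GLOBALS, SPEC_EVENTS))
    print("predicates to track:", tracked_predicates(SPEC_EVENTS))
```

Running it reproduces the instrumented f() from the slide; the two assert(0) sites are exactly where the model checker has to discharge a proof obligation.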



Blast & BP

Behavior protocol (BP): (!lock; !unlock)*

Input C code (unchanged):

    int a = 3;

    void f() {
        lock();
        a++;
        unlock();
    }

[Figure: BP automaton with states 1-4 and transitions !lock^, ?lock$, !unlock^, ?unlock$; each line of f() is annotated with the BP state reached there]

Pros:
• Marking the error states
  No changes in the input C code
  No new predicates
• Differentiates among states
• No laziness in the important properties

Cons:
• Strictly weaker in expressive power (FSM vs. TM)
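A checker for the protocol on this slide, as an added example that is not the BP tooling's own code: the protocol (!lock; !unlock)* is run as a finite automaton over call (^) and return ($) events, with an explicit error state standing in for the slide's "marking the error states". Which of the diagram's states 1-4 is which, and the call traces, are assumptions.

```python
# Added example, not part of BLAST or the BP tooling: the behavior protocol
# (!lock; !unlock)* from the slide as a finite automaton over call (^) and
# return ($) events. Assumed reading of the slide's diagram:
# 1 = idle, 2 = inside lock(), 3 = locked, 4 = inside unlock().
BP_AUTOMATON = {
    (1, "!lock^"):   2,
    (2, "?lock$"):   3,
    (3, "!unlock^"): 4,
    (4, "?unlock$"): 1,
}
ERROR = "error"   # explicit error state: the protocol allows no such event here


def run_bp(trace, automaton=BP_AUTOMATON, start=1):
    """Return the states visited while reading the trace; on the first event
    the protocol does not allow, the error state is recorded and checking stops."""
    states = [start]
    for event in trace:
        nxt = automaton.get((states[-1], event), ERROR)
        states.append(nxt)
        if nxt == ERROR:
            break
    return states


def accepted(trace, automaton=BP_AUTOMATON, start=1):
    """A complete trace satisfies (!lock; !unlock)* if it ends in the start state."""
    return run_bp(trace, automaton, start)[-1] == start


# Constructed traces: the slide's f(), and a double lock() with no unlock().
F_TRACE = ["!lock^", "?lock$", "!unlock^", "?unlock$"]
DOUBLE_LOCK = ["!lock^", "?lock$", "!lock^", "?lock$"]

if __name__ == "__main__":
    print("f():        ", run_bp(F_TRACE), "ok" if accepted(F_TRACE) else "violation")
    print("double lock:", run_bp(DOUBLE_LOCK), "ok" if accepted(DOUBLE_LOCK) else "violation")
```

Because the protocol is a finite automaton, the check needs no new predicates and no change to the C code, which is the trade-off the Pros/Cons list describes against the Turing-complete spec language.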


Applicability of the BLAST Model Checker: An Industrial Case Study


Kolb, E., Šerý, O., Weiss, R., PSI 2009, Novosibirsk


OPC UA

OLE for Process Control - Unified Architecture
Standardized by the OPC Foundation
• www.opcfoundation.org

Platform- and network-independent communication
• Field Devices, Control Systems, Manufacturing Execution Systems, and Enterprise Resource Planning Systems

Language bindings
• C/C++, Java, .NET


OPC UA C-Stack

• Implementation for the C language
  Developed at ABB
  ~150 KLOC of ANSI C
  Designed for both PC-based and embedded systems


Results summary (1/2)

Locking policy:



Results summary (2/2)

MessageContext management:

Encoder management:



UnitCheck: Unit Testing and Model Checking Combined


Kebrt, M., Šerý, O., ATVA 2009, Macau


UnitCheck

Problem
• Missing methodology for application of code model checking

Key idea
• Exhaustively explore the state space of unit tests
• In JUnit: JVM → Java PathFinder

Benefit
• Developer can use the same interface while getting more confidence


Thank you for your attention

Questions?

[email protected]

Answers also at: