Program Verification: Theory and Practice
Sriram K. Rajamani, Microsoft Research India
(with thanks to Tom Ball for material from his course)
2
Organization
• Instructors
– Deepak D’Souza, IISc
– Aditya Nori, MSR India
– Sriram K. Rajamani, MSR India
• Teaching Assistant
– Madhu Gopinathan, IISc
3
PROBLEM
4
Software validation problem
Does the software work?
5
Software validation problem
Does the software work?
I hope it doesn’t crash!
I hope it still interoperates with my other software in the same way as the previous version!
I hope some hacker cannot steal all my money, and publish all my email on the web
I hope it can handle my peak transaction load
6
How do we do software validation?
Testing:
• The “old-fashioned” way
• Run it and see if it works
• Fix it if it doesn’t work
• Ship it if it doesn’t crash!
7
What is wrong with testing?
9
Program Verification
The algorithmic discovery of properties of a program by inspection of the source text
- Manna and Pnueli, “Algorithmic Verification”
Also known as: static analysis, static program analysis, formal methods,….
10
Difficulty of program verification
• What will you prove?
– The specification of complex software is as complex as the software itself
• “Deep” specifications of software are hard to prove
– The state of the art in tools and automation is not good enough
11
Elusive triangle
Figure: a triangle whose three corners are “Large programs”, “Deep properties” and “Automation”, with one corner marked: We will let go of this one!
13
```c
void Foo( int * ptr, int const * ptrToConst, int * const constPtr, int const * const constPtrToConst ) {
    *ptr = 0;
    ptr = 0;
    *ptrToConst = 0;
    ptrToConst = 0;
    *constPtr = 0;
    constPtr = 0;
    *constPtrToConst = 0;
    constPtrToConst = 0;
}
```
14
```c
void Foo( int * ptr, int const * ptrToConst, int * const constPtr, int const * const constPtrToConst ) {
    *ptr = 0;             // OK: modifies the pointee
    ptr = 0;              // OK: modifies the pointer
    *ptrToConst = 0;      // Error! Cannot modify the pointee
    ptrToConst = 0;       // OK: modifies the pointer
    *constPtr = 0;        // OK: modifies the pointee
    constPtr = 0;         // Error! Cannot modify the pointer
    *constPtrToConst = 0; // Error! Cannot modify the pointee
    constPtrToConst = 0;  // Error! Cannot modify the pointer
}
```
17
http://en.wikipedia.org/wiki/Microsoft_Platform_SDK
http://www.microsoft.com/whdc/devtools/tools/sdv.mspx
http://www.gotdotnet.com/team/fxcop/
http://research.microsoft.com/specsharp/
21
Worse is better, also called the New Jersey style, is the name of a computer software design approach (or design philosophy) in which simplicity of both interface and implementation is more important than any other system attribute (including correctness, consistency, and completeness).
http://en.wikipedia.org/wiki/Worse_is_Better
22
http://en.wikipedia.org/wiki/Robert_Tappan_Morris
27
Figure: the state space of a program, drawn as a region of States split into the part reachable from init and the unreachable part; unsafe states appear in both parts, but only the unsafe states that are reachable matter.
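The picture on slide 27 (init, reachable, unreachable, unsafe states) is safety checking as reachability: the program is safe exactly when no unsafe state is reachable from init, and an unsafe state that is unreachable is harmless. As an added example, not from the slides, here is an explicit-state search over a constructed lock-protocol model (the model, its unsafe set and its deliberate bug are my own assumptions) that either proves safety or returns the counterexample trace, and reports how much of the state space was reachable:

```python
from collections import deque

# Constructed model (not from the slides): a tiny lock protocol as a finite
# transition system. A state is (pc, locked); pc 0 = acquire, 1 = work,
# 2 = decide whether to loop back, 3 = release. 4 pcs x 2 flags = 8 states.
def lock_step(state, skip_release_bug):
    """Successor states of `state`; the bug adds a loop-back that skips release."""
    pc, locked = state
    if pc == 0:
        return [(1, True)]             # acquire: lock becomes held
    if pc == 1:
        return [(2, locked)]           # do work under the lock
    if pc == 2:
        succ = [(3, locked)]           # normal path: go on to release
        if skip_release_bug:
            succ.append((0, locked))   # buggy path: restart without releasing
        return succ
    return [(0, False)]                # pc 3: release

def lock_unsafe(state):
    """Unsafe states: acquiring while held, or releasing while not held."""
    pc, locked = state
    return (pc == 0 and locked) or (pc == 3 and not locked)

def check_safety(init, step, unsafe):
    """Explicit-state reachability: breadth-first search from `init`.

    Returns (safe, trace, reachable). `trace` is the path init -> unsafe state
    when one is found (a counterexample), else None. `reachable` is the set of
    states explored; unsafe states outside it are unreachable and do not count."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if unsafe(s):
            trace = []
            while s is not None:       # walk the parent links back to init
                trace.append(s)
                s = parent[s]
            return False, trace[::-1], set(parent)
        for t in step(s):
            if t not in parent:        # each state is explored once
                parent[t] = s
                queue.append(t)
    return True, None, set(parent)

def verify_lock_protocol(skip_release_bug):
    """Run the check on the fixed (False) or buggy (True) model from init (0, False)."""
    return check_safety((0, False), lambda s: lock_step(s, skip_release_bug), lock_unsafe)

if __name__ == "__main__":
    for bug in (False, True):
        safe, trace, reach = verify_lock_protocol(bug)
        print("buggy" if bug else "fixed", "safe" if safe else f"UNSAFE, trace {trace}",
              f"{len(reach)} of 8 states reachable")
```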
31
Reading assignment…
• Read “Findbugs” paper
http://portal.acm.org/citation.cfm?doid=1108792.1108798
• Read “Java Bytecode Verification” paper
http://Gallium.inria.fr/~xleroy/publi/survey-bytecode-verification.ps.gz