SlideShare a Scribd company logo

20080501 software verification_sharygina_lecture01

Computer Science Club
Computer Science Club
TechnologyBusiness
1 of 30
Download to read offline
Assuring Software Quality by Model Checking Natasha Sharygina University of Lugano and Carnegie Mellon University Acknowledgment: Prof. Ed Clarke, Carnegie Mellon University 1
USS Yorktown Embedded Software F/A 22 Embedded BUGS? 2
French Guyana, June 4, 1996 $600 million software failure 3
Mars, December 3, 1999 Crashed due to uninitialized 4 variable
Cost of Software Errors June 2002 “Software bugs, or errors, are so prevalent and so detrimental that they cost the U.S. economy an estimated $59.5 billion annually, or about 0.6 percent of the gross domestic product … At the national level, over half of the costs are borne by software users and the remainder by software developers/vendors.” NIST Planning Report 02-3 The Economic Impacts of Inadequate Infrastructure for Software Testing 5
Cost of Software Errors “The study also found that, although all errors cannot be removed, more than a third of these costs, or an estimated $22.2 billion, could be eliminated by an improved testing infrastructure that enables earlier and more effective identification and removal of software defects.” 6
Model Checking • Developed independently by Clarke and Emerson and by Queille and Sifakis in early 1980’s. • Properties are written in propositional temporal logic. • Systems are modeled by finite state machines. • Verification procedure is an exhaustive search of the state space of the design. • Model checking complements testing/simulation. 7
Advantages of Model Checking • No proofs!!! • Fast (compared to other rigorous methods) • Diagnostic counterexamples • No problem with partial specifications / properties • Logics can easily express many concurrency properties 8
Model of computation Microwave Oven Example State-transition graph describes system evolving ~ Start ~ Close over time. σ ~ Heat ~ Error τ Start ~ Start ~ Start ~ Close Close Close ~ Heat Heat ~ Heat Error ~ Error ~ Error Start Start Start Close Close Close ~ Heat ~ Heat Heat Error ~ Error ~ Error 9
Temporal Logic The oven doesn’t heat up until the door is closed. Not heat_up holds until door_closed (~ heat_up) U door_closed 10
Basic Temporal Operators The symbol “p” is an atomic proposition, e.g. “heat_up” or “door_closed”. • Fp - p holds sometime in the future. • Gp - p holds globally in the future. • Xp - p holds next time. • pUq - p holds until q holds. 11
Model Checking Problem Let M be a model, i.e., a state-transition graph. Let ƒ be the property in temporal logic. Find all states s such that M has property ƒ at state s. Efficient Algorithms: CE81, CES83 12
The EMC System 1982/83 Preprocessor Model Checker Model Checker Preprocessor (EMC) (EMC) Properties Properties State Transition Graph State Transition Graph True or Counterexamples True or Counterexamples 1044 to 1055states 10 to 10 states 13
Model Checker Architecture System Description Formal Specification State Explosion Problem!! Validation or Counterexample Model Checker 14
The State Explosion Problem System Description Combinatorial explosion of system Combinatorial explosion of system states renders explicit states renders explicit model construction infeasible. model construction infeasible. State Transition Graph Exponential Growth of … Exponential Growth of … … global state space in number of concurrent components. … global state space in number of concurrent components. … memory states in memory size. … memory states in memory size. Feasibility of model checking inherently tied to handling state explosion. 15
Combating State Explosion • Binary Decision Diagrams can be used to represent state transition systems more efficiently. Symbolic Model Checking 1992 • Semantic techniques for alleviating state explosion: – Partial Order Reduction. – Abstraction. – Compositional reasoning. – Symmetry. – Cone of influence reduction. – Semantic minimization. 16
Model Checking since 1981 1981 Clarke / Emerson: CTL Model Checking 105 Sifakis / Quielle 1982 EMC: Explicit Model Checker Clarke, Emerson, Sistla 1990 Symbolic Model Checking 10100 Burch, Clarke, Dill, McMillan 1990s: Formal Hardware 1992 SMV: Symbolic Model Verifier Verification in Industry: McMillan Intel, IBM, Motorola, etc. 1998 Bounded Model Checking using SAT 101000 Biere, Clarke, Zhu 2000 Counterexample-guided Abstraction Refinement Clarke, Grumberg, Jha, Lu, Veith 17
The Cube Puzzle 18
Glacier Gorge 19
Further Up 20
Skies Above Us Galaxies in the (observable) universe: 2.5 ・ 1011 Stars in the Milky Way: 4 ・1011 Stars in the universe: 1023 A small sequential circuit may have more than 10100 states 21
Model Checking since 1981 1981 Clarke / Emerson: CTL Model Checking Sifakis / Quielle 1982 EMC: Explicit Model Checker Clarke, Emerson, Sistla 1990 Symbolic Model Checking Burch, Clarke, Dill, McMillan 1992 SMV: Symbolic Model Verifier McMillan 1998 Bounded Model Checking using SAT Biere, Clarke, Zhu CBMC 2000 Counterexample-guided Abstraction Refinement Clarke, Grumberg, Jha, Lu, Veith MAGIC 2002 SAT-based Software Model Checking SATABS 22 Kroening, Sharygina, Yorav, Clarke
Grand Challenge: Model Check Software ! What makes Software Model Checking different ? 23
What Makes Software Model Checking Different ? • Large/unbounded base types: int, float, string • User-defined types/classes • Pointers/aliasing + unbounded #’s of heap- allocated cells • Procedure calls/recursion/calls through pointers/dynamic method lookup/overloading • Concurrency + unbounded #’s of threads 24
What Makes Software Model Checking Different ? • Templates/generics/include files • Interrupts/exceptions/callbacks • Use of secondary storage: files, databases • Absent source code for: libraries, system calls, mobile code • Esoteric features: continuations, self-modifying code • Size (e.g., MS Word = 1.4 MLOC) 25
Grand Challenge: Model Check Software ! Early attempts in the 1980s failed to scale. 2000s: renewed interest / demand: Java Pathfinder: NASA Ames SLAM: Microsoft Bandera: Kansas State BLAST: Berkeley … SLAM is shipped to Windows device driver developers. In general, these tools are unable to handle complex data 26 structures and concurrency.
SATABS Tool: Counterexample-Guided Abstraction Refinement Memory Abstract State Memory Abstract Memory Abstraction State Memory State Memory State State Memory State Memory State Memory State Abstraction maps classes of similar memory Memory Abstraction maps classes of similar memory State states to single abstract memory states. states to single abstract memory states. Memory State + Model size drastically reduced. + Model size drastically reduced. --Invalid counterexamples possible. Invalid counterexamples possible. 27
Existential Abstraction Given an abstraction function α : S → Sα, the concrete states are grouped and mapped into abstract states : Mα α α α Preservation Theorem ? M 28
Automatic Abstraction Mα Spurious Initial Abstraction Spurious counterexample Refinement Refinement Validation or Counterexample Correct ! M Original Model 29
CEGAR CounterExample-Guided Abstraction Initial Refinement Abstraction Verification No error C Abstract Model or bug found model Program Checker Property holds Counterexample Simulation Abstraction refinement Refinement sucessful Simulator Bug found Spurious counterexample 30

Recommended

Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Iosif Itkin
 
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Iosif Itkin
 
20101030 reals and_integers_matiyasevich_ekb_lecture05-06
20101030 reals and_integers_matiyasevich_ekb_lecture05-0620101030 reals and_integers_matiyasevich_ekb_lecture05-06
20101030 reals and_integers_matiyasevich_ekb_lecture05-06Computer Science Club
 
20100515 bioinformatics kapushesky_lecture07
20100515 bioinformatics kapushesky_lecture0720100515 bioinformatics kapushesky_lecture07
20100515 bioinformatics kapushesky_lecture07Computer Science Club
 
20080426 networking carzaniga_lecture01-02
20080426 networking carzaniga_lecture01-0220080426 networking carzaniga_lecture01-02
20080426 networking carzaniga_lecture01-02Computer Science Club
 
20110327 systems of_typed_lambda_calculi_moskvin_lecture08
20110327 systems of_typed_lambda_calculi_moskvin_lecture0820110327 systems of_typed_lambda_calculi_moskvin_lecture08
20110327 systems of_typed_lambda_calculi_moskvin_lecture08Computer Science Club
 
20091115 cryptoprotocols nikolenko_lecture07
20091115 cryptoprotocols nikolenko_lecture0720091115 cryptoprotocols nikolenko_lecture07
20091115 cryptoprotocols nikolenko_lecture07Computer Science Club
 
20081019 auctions nikolenko_lecture04
20081019 auctions nikolenko_lecture0420081019 auctions nikolenko_lecture04
20081019 auctions nikolenko_lecture04Computer Science Club
 

Recommended

Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Iosif Itkin
 
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Iosif Itkin
 
20101030 reals and_integers_matiyasevich_ekb_lecture05-06
20101030 reals and_integers_matiyasevich_ekb_lecture05-0620101030 reals and_integers_matiyasevich_ekb_lecture05-06
20101030 reals and_integers_matiyasevich_ekb_lecture05-06Computer Science Club
 
20100515 bioinformatics kapushesky_lecture07
20100515 bioinformatics kapushesky_lecture0720100515 bioinformatics kapushesky_lecture07
20100515 bioinformatics kapushesky_lecture07Computer Science Club
 
20080426 networking carzaniga_lecture01-02
20080426 networking carzaniga_lecture01-0220080426 networking carzaniga_lecture01-02
20080426 networking carzaniga_lecture01-02Computer Science Club
 
20110327 systems of_typed_lambda_calculi_moskvin_lecture08
20110327 systems of_typed_lambda_calculi_moskvin_lecture0820110327 systems of_typed_lambda_calculi_moskvin_lecture08
20110327 systems of_typed_lambda_calculi_moskvin_lecture08Computer Science Club
 
20091115 cryptoprotocols nikolenko_lecture07
20091115 cryptoprotocols nikolenko_lecture0720091115 cryptoprotocols nikolenko_lecture07
20091115 cryptoprotocols nikolenko_lecture07Computer Science Club
 
20081019 auctions nikolenko_lecture04
20081019 auctions nikolenko_lecture0420081019 auctions nikolenko_lecture04
20081019 auctions nikolenko_lecture04Computer Science Club
 
20090419 hardnessvsrandomness itsykson_lecture07-08
20090419 hardnessvsrandomness itsykson_lecture07-0820090419 hardnessvsrandomness itsykson_lecture07-08
20090419 hardnessvsrandomness itsykson_lecture07-08Computer Science Club
 
20071007 efficientalgorithms kulikov_lecture03
20071007 efficientalgorithms kulikov_lecture0320071007 efficientalgorithms kulikov_lecture03
20071007 efficientalgorithms kulikov_lecture03Computer Science Club
 
20091213 cryptoprotocols nikolenko_lecture11
20091213 cryptoprotocols nikolenko_lecture1120091213 cryptoprotocols nikolenko_lecture11
20091213 cryptoprotocols nikolenko_lecture11Computer Science Club
 
20071103 verification konev_lecture08
20071103 verification konev_lecture0820071103 verification konev_lecture08
20071103 verification konev_lecture08Computer Science Club
 
20091004 cryptoprotocols nikolenko_lecture04
20091004 cryptoprotocols nikolenko_lecture0420091004 cryptoprotocols nikolenko_lecture04
20091004 cryptoprotocols nikolenko_lecture04Computer Science Club
 
20090920 cryptoprotocols nikolenko_lecture01
20090920 cryptoprotocols nikolenko_lecture0120090920 cryptoprotocols nikolenko_lecture01
20090920 cryptoprotocols nikolenko_lecture01Computer Science Club
 
20090215 hardnessvsrandomness itsykson_lecture01
20090215 hardnessvsrandomness itsykson_lecture0120090215 hardnessvsrandomness itsykson_lecture01
20090215 hardnessvsrandomness itsykson_lecture01Computer Science Club
 
20100314 virtualization igotti_lecture06
20100314 virtualization igotti_lecture0620100314 virtualization igotti_lecture06
20100314 virtualization igotti_lecture06Computer Science Club
 
20071104 verification konev_lecture14
20071104 verification konev_lecture1420071104 verification konev_lecture14
20071104 verification konev_lecture14Computer Science Club
 
20100930 proof complexity_hirsch_lecture03
20100930 proof complexity_hirsch_lecture0320100930 proof complexity_hirsch_lecture03
20100930 proof complexity_hirsch_lecture03Computer Science Club
 
20100925 ontology konev_lecture02
20100925 ontology konev_lecture0220100925 ontology konev_lecture02
20100925 ontology konev_lecture02Computer Science Club
 
overview.pdf
overview.pdfoverview.pdf
overview.pdfDummy462374
 
digit_twin.pptx
digit_twin.pptxdigit_twin.pptx
digit_twin.pptxajithakn1
 
2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
 
digit_twin.pptx
digit_twin.pptxdigit_twin.pptx
digit_twin.pptxAmrikSingh922379
 
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
 
Testing Safety Critical Systems (10-02-2014, VU amsterdam)
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Testing Safety Critical Systems (10-02-2014, VU amsterdam)
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Jaap van Ekris
 
2015 05-07 - vu amsterdam - testing safety critical systems
2015 05-07 - vu amsterdam - testing safety critical systems2015 05-07 - vu amsterdam - testing safety critical systems
2015 05-07 - vu amsterdam - testing safety critical systemsJaap van Ekris
 
Ch1
Ch1Ch1
Ch1Rahul prasad
 
Software Testing: Test Design and the Project Life Cycle
Software Testing: Test Design and the Project Life CycleSoftware Testing: Test Design and the Project Life Cycle
Software Testing: Test Design and the Project Life CycleDerek Callaway
 
Week6 testing-intro
Week6 testing-introWeek6 testing-intro
Week6 testing-introAlexandru-Gala Popescu
 
Close encounters in MDD: when Models meet Code
Close encounters in MDD: when Models meet CodeClose encounters in MDD: when Models meet Code
Close encounters in MDD: when Models meet Codelbergmans
 

More Related Content

Viewers also liked

20090419 hardnessvsrandomness itsykson_lecture07-08
20090419 hardnessvsrandomness itsykson_lecture07-0820090419 hardnessvsrandomness itsykson_lecture07-08
20090419 hardnessvsrandomness itsykson_lecture07-08Computer Science Club
 
20071007 efficientalgorithms kulikov_lecture03
20071007 efficientalgorithms kulikov_lecture0320071007 efficientalgorithms kulikov_lecture03
20071007 efficientalgorithms kulikov_lecture03Computer Science Club
 
20091213 cryptoprotocols nikolenko_lecture11
20091213 cryptoprotocols nikolenko_lecture1120091213 cryptoprotocols nikolenko_lecture11
20091213 cryptoprotocols nikolenko_lecture11Computer Science Club
 
20071103 verification konev_lecture08
20071103 verification konev_lecture0820071103 verification konev_lecture08
20071103 verification konev_lecture08Computer Science Club
 
20091004 cryptoprotocols nikolenko_lecture04
20091004 cryptoprotocols nikolenko_lecture0420091004 cryptoprotocols nikolenko_lecture04
20091004 cryptoprotocols nikolenko_lecture04Computer Science Club
 
20090920 cryptoprotocols nikolenko_lecture01
20090920 cryptoprotocols nikolenko_lecture0120090920 cryptoprotocols nikolenko_lecture01
20090920 cryptoprotocols nikolenko_lecture01Computer Science Club
 
20090215 hardnessvsrandomness itsykson_lecture01
20090215 hardnessvsrandomness itsykson_lecture0120090215 hardnessvsrandomness itsykson_lecture01
20090215 hardnessvsrandomness itsykson_lecture01Computer Science Club
 
20100314 virtualization igotti_lecture06
20100314 virtualization igotti_lecture0620100314 virtualization igotti_lecture06
20100314 virtualization igotti_lecture06Computer Science Club
 
20071104 verification konev_lecture14
20071104 verification konev_lecture1420071104 verification konev_lecture14
20071104 verification konev_lecture14Computer Science Club
 
20100930 proof complexity_hirsch_lecture03
20100930 proof complexity_hirsch_lecture0320100930 proof complexity_hirsch_lecture03
20100930 proof complexity_hirsch_lecture03Computer Science Club
 

Viewers also liked (11)

20090419 hardnessvsrandomness itsykson_lecture07-08
20090419 hardnessvsrandomness itsykson_lecture07-0820090419 hardnessvsrandomness itsykson_lecture07-08
20090419 hardnessvsrandomness itsykson_lecture07-08
 
20071007 efficientalgorithms kulikov_lecture03
20071007 efficientalgorithms kulikov_lecture0320071007 efficientalgorithms kulikov_lecture03
20071007 efficientalgorithms kulikov_lecture03
 
20091213 cryptoprotocols nikolenko_lecture11
20091213 cryptoprotocols nikolenko_lecture1120091213 cryptoprotocols nikolenko_lecture11
20091213 cryptoprotocols nikolenko_lecture11
 
20071103 verification konev_lecture08
20071103 verification konev_lecture0820071103 verification konev_lecture08
20071103 verification konev_lecture08
 
20091004 cryptoprotocols nikolenko_lecture04
20091004 cryptoprotocols nikolenko_lecture0420091004 cryptoprotocols nikolenko_lecture04
20091004 cryptoprotocols nikolenko_lecture04
 
20090920 cryptoprotocols nikolenko_lecture01
20090920 cryptoprotocols nikolenko_lecture0120090920 cryptoprotocols nikolenko_lecture01
20090920 cryptoprotocols nikolenko_lecture01
 
20090215 hardnessvsrandomness itsykson_lecture01
20090215 hardnessvsrandomness itsykson_lecture0120090215 hardnessvsrandomness itsykson_lecture01
20090215 hardnessvsrandomness itsykson_lecture01
 
20100314 virtualization igotti_lecture06
20100314 virtualization igotti_lecture0620100314 virtualization igotti_lecture06
20100314 virtualization igotti_lecture06
 
20071104 verification konev_lecture14
20071104 verification konev_lecture1420071104 verification konev_lecture14
20071104 verification konev_lecture14
 
20100930 proof complexity_hirsch_lecture03
20100930 proof complexity_hirsch_lecture0320100930 proof complexity_hirsch_lecture03
20100930 proof complexity_hirsch_lecture03
 
20100925 ontology konev_lecture02
20100925 ontology konev_lecture0220100925 ontology konev_lecture02
20100925 ontology konev_lecture02
 

Similar to 20080501 software verification_sharygina_lecture01

digit_twin.pptx
digit_twin.pptxdigit_twin.pptx
digit_twin.pptxajithakn1
 
2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
 
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
 
Testing Safety Critical Systems (10-02-2014, VU amsterdam)
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Testing Safety Critical Systems (10-02-2014, VU amsterdam)
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Jaap van Ekris
 
2015 05-07 - vu amsterdam - testing safety critical systems
2015 05-07 - vu amsterdam - testing safety critical systems2015 05-07 - vu amsterdam - testing safety critical systems
2015 05-07 - vu amsterdam - testing safety critical systemsJaap van Ekris
 
Software Testing: Test Design and the Project Life Cycle
Software Testing: Test Design and the Project Life CycleSoftware Testing: Test Design and the Project Life Cycle
Software Testing: Test Design and the Project Life CycleDerek Callaway
 
Close encounters in MDD: when Models meet Code
Close encounters in MDD: when Models meet CodeClose encounters in MDD: when Models meet Code
Close encounters in MDD: when Models meet Codelbergmans
 
Close Encounters in MDD: when models meet code
Close Encounters in MDD: when models meet codeClose Encounters in MDD: when models meet code
Close Encounters in MDD: when models meet codelbergmans
 
ICSE 2011 Research Paper on Modularity Violations
ICSE 2011 Research Paper on Modularity ViolationsICSE 2011 Research Paper on Modularity Violations
ICSE 2011 Research Paper on Modularity Violationsmiryung
 
Testing of Cyber-Physical Systems: Diversity-driven Strategies
Testing of Cyber-Physical Systems: Diversity-driven StrategiesTesting of Cyber-Physical Systems: Diversity-driven Strategies
Testing of Cyber-Physical Systems: Diversity-driven StrategiesLionel Briand
 
Using capability assessment during product design
Using capability assessment during product designUsing capability assessment during product design
Using capability assessment during product designMark Turner CRP
 
2016-04-28 - VU Amsterdam - testing safety critical systems
2016-04-28 - VU Amsterdam - testing safety critical systems2016-04-28 - VU Amsterdam - testing safety critical systems
2016-04-28 - VU Amsterdam - testing safety critical systemsJaap van Ekris
 
Verilog Ams Used In Top Down Methodology For Wireless Integrated Circuits
Verilog Ams Used In Top Down Methodology For Wireless Integrated CircuitsVerilog Ams Used In Top Down Methodology For Wireless Integrated Circuits
Verilog Ams Used In Top Down Methodology For Wireless Integrated CircuitsRégis SANTONJA
 
2017 03-10 - vu amsterdam - testing safety critical systems
2017 03-10 - vu amsterdam - testing safety critical systems2017 03-10 - vu amsterdam - testing safety critical systems
2017 03-10 - vu amsterdam - testing safety critical systemsJaap van Ekris
 
SE2018_Lec 19_ Software Testing
SE2018_Lec 19_ Software TestingSE2018_Lec 19_ Software Testing
SE2018_Lec 19_ Software TestingAmr E. Mohamed
 

Similar to 20080501 software verification_sharygina_lecture01 (20)

overview.pdf
overview.pdfoverview.pdf
overview.pdf
 
digit_twin.pptx
digit_twin.pptxdigit_twin.pptx
digit_twin.pptx
 
2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems2011-05-02 - VU Amsterdam - Testing safety critical systems
2011-05-02 - VU Amsterdam - Testing safety critical systems
 
digit_twin.pptx
digit_twin.pptxdigit_twin.pptx
digit_twin.pptx
 
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
 
Testing Safety Critical Systems (10-02-2014, VU amsterdam)
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Testing Safety Critical Systems (10-02-2014, VU amsterdam)
Testing Safety Critical Systems (10-02-2014, VU amsterdam)
 
2015 05-07 - vu amsterdam - testing safety critical systems
2015 05-07 - vu amsterdam - testing safety critical systems2015 05-07 - vu amsterdam - testing safety critical systems
2015 05-07 - vu amsterdam - testing safety critical systems
 
Ch1
Ch1Ch1
Ch1
 
Software Testing: Test Design and the Project Life Cycle
Software Testing: Test Design and the Project Life CycleSoftware Testing: Test Design and the Project Life Cycle
Software Testing: Test Design and the Project Life Cycle
 
Week6 testing-intro
Week6 testing-introWeek6 testing-intro
Week6 testing-intro
 
Close encounters in MDD: when Models meet Code
Close encounters in MDD: when Models meet CodeClose encounters in MDD: when Models meet Code
Close encounters in MDD: when Models meet Code
 
Close Encounters in MDD: when models meet code
Close Encounters in MDD: when models meet codeClose Encounters in MDD: when models meet code
Close Encounters in MDD: when models meet code
 
ICSE 2011 Research Paper on Modularity Violations
ICSE 2011 Research Paper on Modularity ViolationsICSE 2011 Research Paper on Modularity Violations
ICSE 2011 Research Paper on Modularity Violations
 
Testing of Cyber-Physical Systems: Diversity-driven Strategies
Testing of Cyber-Physical Systems: Diversity-driven StrategiesTesting of Cyber-Physical Systems: Diversity-driven Strategies
Testing of Cyber-Physical Systems: Diversity-driven Strategies
 
Using capability assessment during product design
Using capability assessment during product designUsing capability assessment during product design
Using capability assessment during product design
 
2016-04-28 - VU Amsterdam - testing safety critical systems
2016-04-28 - VU Amsterdam - testing safety critical systems2016-04-28 - VU Amsterdam - testing safety critical systems
2016-04-28 - VU Amsterdam - testing safety critical systems
 
Verilog Ams Used In Top Down Methodology For Wireless Integrated Circuits
Verilog Ams Used In Top Down Methodology For Wireless Integrated CircuitsVerilog Ams Used In Top Down Methodology For Wireless Integrated Circuits
Verilog Ams Used In Top Down Methodology For Wireless Integrated Circuits
 
Design for Testability
Design for Testability Design for Testability
Design for Testability
 
2017 03-10 - vu amsterdam - testing safety critical systems
2017 03-10 - vu amsterdam - testing safety critical systems2017 03-10 - vu amsterdam - testing safety critical systems
2017 03-10 - vu amsterdam - testing safety critical systems
 
SE2018_Lec 19_ Software Testing
SE2018_Lec 19_ Software TestingSE2018_Lec 19_ Software Testing
SE2018_Lec 19_ Software Testing
 

More from Computer Science Club

20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugs20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugsComputer Science Club
 
20140531 serebryany lecture02_find_scary_cpp_bugs
20140531 serebryany lecture02_find_scary_cpp_bugs20140531 serebryany lecture02_find_scary_cpp_bugs
20140531 serebryany lecture02_find_scary_cpp_bugsComputer Science Club
 
20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugs20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugsComputer Science Club
 
20140511 parallel programming_kalishenko_lecture12
20140511 parallel programming_kalishenko_lecture1220140511 parallel programming_kalishenko_lecture12
20140511 parallel programming_kalishenko_lecture12Computer Science Club
 
20140427 parallel programming_zlobin_lecture11
20140427 parallel programming_zlobin_lecture1120140427 parallel programming_zlobin_lecture11
20140427 parallel programming_zlobin_lecture11Computer Science Club
 
20140420 parallel programming_kalishenko_lecture10
20140420 parallel programming_kalishenko_lecture1020140420 parallel programming_kalishenko_lecture10
20140420 parallel programming_kalishenko_lecture10Computer Science Club
 
20140413 parallel programming_kalishenko_lecture09
20140413 parallel programming_kalishenko_lecture0920140413 parallel programming_kalishenko_lecture09
20140413 parallel programming_kalishenko_lecture09Computer Science Club
 
20140329 graph drawing_dainiak_lecture02
20140329 graph drawing_dainiak_lecture0220140329 graph drawing_dainiak_lecture02
20140329 graph drawing_dainiak_lecture02Computer Science Club
 
20140329 graph drawing_dainiak_lecture01
20140329 graph drawing_dainiak_lecture0120140329 graph drawing_dainiak_lecture01
20140329 graph drawing_dainiak_lecture01Computer Science Club
 
20140310 parallel programming_kalishenko_lecture03-04
20140310 parallel programming_kalishenko_lecture03-0420140310 parallel programming_kalishenko_lecture03-04
20140310 parallel programming_kalishenko_lecture03-04Computer Science Club
 
20140216 parallel programming_kalishenko_lecture01
20140216 parallel programming_kalishenko_lecture0120140216 parallel programming_kalishenko_lecture01
20140216 parallel programming_kalishenko_lecture01Computer Science Club
 

More from Computer Science Club (20)

20141223 kuznetsov distributed
20141223 kuznetsov distributed20141223 kuznetsov distributed
20141223 kuznetsov distributed
 
Computer Vision
Computer VisionComputer Vision
Computer Vision
 
20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugs20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugs
 
20140531 serebryany lecture02_find_scary_cpp_bugs
20140531 serebryany lecture02_find_scary_cpp_bugs20140531 serebryany lecture02_find_scary_cpp_bugs
20140531 serebryany lecture02_find_scary_cpp_bugs
 
20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugs20140531 serebryany lecture01_fantastic_cpp_bugs
20140531 serebryany lecture01_fantastic_cpp_bugs
 
20140511 parallel programming_kalishenko_lecture12
20140511 parallel programming_kalishenko_lecture1220140511 parallel programming_kalishenko_lecture12
20140511 parallel programming_kalishenko_lecture12
 
20140427 parallel programming_zlobin_lecture11
20140427 parallel programming_zlobin_lecture1120140427 parallel programming_zlobin_lecture11
20140427 parallel programming_zlobin_lecture11
 
20140420 parallel programming_kalishenko_lecture10
20140420 parallel programming_kalishenko_lecture1020140420 parallel programming_kalishenko_lecture10
20140420 parallel programming_kalishenko_lecture10
 
20140413 parallel programming_kalishenko_lecture09
20140413 parallel programming_kalishenko_lecture0920140413 parallel programming_kalishenko_lecture09
20140413 parallel programming_kalishenko_lecture09
 
20140329 graph drawing_dainiak_lecture02
20140329 graph drawing_dainiak_lecture0220140329 graph drawing_dainiak_lecture02
20140329 graph drawing_dainiak_lecture02
 
20140329 graph drawing_dainiak_lecture01
20140329 graph drawing_dainiak_lecture0120140329 graph drawing_dainiak_lecture01
20140329 graph drawing_dainiak_lecture01
 
20140310 parallel programming_kalishenko_lecture03-04
20140310 parallel programming_kalishenko_lecture03-0420140310 parallel programming_kalishenko_lecture03-04
20140310 parallel programming_kalishenko_lecture03-04
 
20140223-SuffixTrees-lecture01-03
20140223-SuffixTrees-lecture01-0320140223-SuffixTrees-lecture01-03
20140223-SuffixTrees-lecture01-03
 
20140216 parallel programming_kalishenko_lecture01
20140216 parallel programming_kalishenko_lecture0120140216 parallel programming_kalishenko_lecture01
20140216 parallel programming_kalishenko_lecture01
 
20131106 h10 lecture6_matiyasevich
20131106 h10 lecture6_matiyasevich20131106 h10 lecture6_matiyasevich
20131106 h10 lecture6_matiyasevich
 
20131027 h10 lecture5_matiyasevich
20131027 h10 lecture5_matiyasevich20131027 h10 lecture5_matiyasevich
20131027 h10 lecture5_matiyasevich
 
20131027 h10 lecture5_matiyasevich
20131027 h10 lecture5_matiyasevich20131027 h10 lecture5_matiyasevich
20131027 h10 lecture5_matiyasevich
 
20131013 h10 lecture4_matiyasevich
20131013 h10 lecture4_matiyasevich20131013 h10 lecture4_matiyasevich
20131013 h10 lecture4_matiyasevich
 
20131006 h10 lecture3_matiyasevich
20131006 h10 lecture3_matiyasevich20131006 h10 lecture3_matiyasevich
20131006 h10 lecture3_matiyasevich
 
20131006 h10 lecture3_matiyasevich
20131006 h10 lecture3_matiyasevich20131006 h10 lecture3_matiyasevich
20131006 h10 lecture3_matiyasevich
 

Recently uploaded

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

20080501 software verification_sharygina_lecture01

  • 1. Assuring Software Quality by Model Checking Natasha Sharygina University of Lugano and Carnegie Mellon University Acknowledgment: Prof. Ed Clarke, Carnegie Mellon University 1
  • 2. USS Yorktown Embedded Software F/A 22 Embedded BUGS? 2
  • 3. French Guyana, June 4, 1996 $600 million software failure 3
  • 4. Mars, December 3, 1999 Crashed due to uninitialized 4 variable
  • 5. Cost of Software Errors June 2002 “Software bugs, or errors, are so prevalent and so detrimental that they cost the U.S. economy an estimated $59.5 billion annually, or about 0.6 percent of the gross domestic product … At the national level, over half of the costs are borne by software users and the remainder by software developers/vendors.” NIST Planning Report 02-3 The Economic Impacts of Inadequate Infrastructure for Software Testing 5
  • 6. Cost of Software Errors “The study also found that, although all errors cannot be removed, more than a third of these costs, or an estimated $22.2 billion, could be eliminated by an improved testing infrastructure that enables earlier and more effective identification and removal of software defects.” 6
  • 7. Model Checking • Developed independently by Clarke and Emerson and by Queille and Sifakis in early 1980’s. • Properties are written in propositional temporal logic. • Systems are modeled by finite state machines. • Verification procedure is an exhaustive search of the state space of the design. • Model checking complements testing/simulation. 7
  • 8. Advantages of Model Checking • No proofs!!! • Fast (compared to other rigorous methods) • Diagnostic counterexamples • No problem with partial specifications / properties • Logics can easily express many concurrency properties 8
  • 9. Model of computation Microwave Oven Example State-transition graph describes system evolving ~ Start ~ Close over time. σ ~ Heat ~ Error τ Start ~ Start ~ Start ~ Close Close Close ~ Heat Heat ~ Heat Error ~ Error ~ Error Start Start Start Close Close Close ~ Heat ~ Heat Heat Error ~ Error ~ Error 9
  • 10. Temporal Logic The oven doesn’t heat up until the door is closed. Not heat_up holds until door_closed (~ heat_up) U door_closed 10
  • 11. Basic Temporal Operators The symbol “p” is an atomic proposition, e.g. “heat_up” or “door_closed”. • Fp - p holds sometime in the future. • Gp - p holds globally in the future. • Xp - p holds next time. • pUq - p holds until q holds. 11
  • 12. Model Checking Problem Let M be a model, i.e., a state-transition graph. Let ƒ be the property in temporal logic. Find all states s such that M has property ƒ at state s. Efficient Algorithms: CE81, CES83 12
  • 13. The EMC System 1982/83 Preprocessor Model Checker Model Checker Preprocessor (EMC) (EMC) Properties Properties State Transition Graph State Transition Graph True or Counterexamples True or Counterexamples 1044 to 1055states 10 to 10 states 13
  • 14. Model Checker Architecture System Description Formal Specification State Explosion Problem!! Validation or Counterexample Model Checker 14
  • 15. The State Explosion Problem System Description Combinatorial explosion of system Combinatorial explosion of system states renders explicit states renders explicit model construction infeasible. model construction infeasible. State Transition Graph Exponential Growth of … Exponential Growth of … … global state space in number of concurrent components. … global state space in number of concurrent components. … memory states in memory size. … memory states in memory size. Feasibility of model checking inherently tied to handling state explosion. 15
  • 16. Combating State Explosion • Binary Decision Diagrams can be used to represent state transition systems more efficiently. Symbolic Model Checking 1992 • Semantic techniques for alleviating state explosion: – Partial Order Reduction. – Abstraction. – Compositional reasoning. – Symmetry. – Cone of influence reduction. – Semantic minimization. 16
  • 17. Model Checking since 1981 1981 Clarke / Emerson: CTL Model Checking 105 Sifakis / Quielle 1982 EMC: Explicit Model Checker Clarke, Emerson, Sistla 1990 Symbolic Model Checking 10100 Burch, Clarke, Dill, McMillan 1990s: Formal Hardware 1992 SMV: Symbolic Model Verifier Verification in Industry: McMillan Intel, IBM, Motorola, etc. 1998 Bounded Model Checking using SAT 101000 Biere, Clarke, Zhu 2000 Counterexample-guided Abstraction Refinement Clarke, Grumberg, Jha, Lu, Veith 17
  • 21. Skies Above Us Galaxies in the (observable) universe: 2.5 ・ 1011 Stars in the Milky Way: 4 ・1011 Stars in the universe: 1023 A small sequential circuit may have more than 10100 states 21
  • 22. Model Checking since 1981 1981 Clarke / Emerson: CTL Model Checking Sifakis / Quielle 1982 EMC: Explicit Model Checker Clarke, Emerson, Sistla 1990 Symbolic Model Checking Burch, Clarke, Dill, McMillan 1992 SMV: Symbolic Model Verifier McMillan 1998 Bounded Model Checking using SAT Biere, Clarke, Zhu CBMC 2000 Counterexample-guided Abstraction Refinement Clarke, Grumberg, Jha, Lu, Veith MAGIC 2002 SAT-based Software Model Checking SATABS 22 Kroening, Sharygina, Yorav, Clarke
  • 23. Grand Challenge: Model Check Software ! What makes Software Model Checking different ? 23
  • 24. What Makes Software Model Checking Different ? • Large/unbounded base types: int, float, string • User-defined types/classes • Pointers/aliasing + unbounded #’s of heap- allocated cells • Procedure calls/recursion/calls through pointers/dynamic method lookup/overloading • Concurrency + unbounded #’s of threads 24
  • 25. What Makes Software Model Checking Different ? • Templates/generics/include files • Interrupts/exceptions/callbacks • Use of secondary storage: files, databases • Absent source code for: libraries, system calls, mobile code • Esoteric features: continuations, self-modifying code • Size (e.g., MS Word = 1.4 MLOC) 25
  • 26. Grand Challenge: Model Check Software ! Early attempts in the 1980s failed to scale. 2000s: renewed interest / demand: Java Pathfinder: NASA Ames SLAM: Microsoft Bandera: Kansas State BLAST: Berkeley … SLAM is shipped to Windows device driver developers. In general, these tools are unable to handle complex data 26 structures and concurrency.
  • 27. SATABS Tool: Counterexample-Guided Abstraction Refinement Memory Abstract State Memory Abstract Memory Abstraction State Memory State Memory State State Memory State Memory State Memory State Abstraction maps classes of similar memory Memory Abstraction maps classes of similar memory State states to single abstract memory states. states to single abstract memory states. Memory State + Model size drastically reduced. + Model size drastically reduced. --Invalid counterexamples possible. Invalid counterexamples possible. 27
  • 28. Existential Abstraction Given an abstraction function α : S → Sα, the concrete states are grouped and mapped into abstract states : Mα α α α Preservation Theorem ? M 28
  • 29. Automatic Abstraction Mα Spurious Initial Abstraction Spurious counterexample Refinement Refinement Validation or Counterexample Correct ! M Original Model 29
  • 30. CEGAR CounterExample-Guided Abstraction Initial Refinement Abstraction Verification No error C Abstract Model or bug found model Program Checker Property holds Counterexample Simulation Abstraction refinement Refinement sucessful Simulator Bug found Spurious counterexample 30