Title: Software Verification Tools: Current State and the Nearest Future
1. Software Verification Tools: Current State and the Nearest Future
- Victor Kuliamin
- Institute for System Programming, Russian Academy of Sciences, Moscow
2. Software development trends
- Growth of software complexity
- Degradation of software quality
[Chart: bugs per 1000 LOC]
3. Software verification
- Checking consistency between different development artifacts, relevant standards, and between them all and real system operation
[Diagram: Requirements, Design, Source Code, System Operation, Development Processes, Standards and Rules]
4. Traditional verification methods
- Review (inspection)
- Static analysis
  - Correctness rules checking
  - Bug search
- Dynamic analysis
  - Monitoring
  - Testing
- Formal methods
  - Theorem proving
  - Model checking
5. Static and dynamic analysis
- Static analysis
- Dynamic analysis
[Diagrams: static analysis (Requirements/Rules, Source Code, Analysis Tool) and dynamic analysis (Requirements/Rules, Test Generation, System Operation, Monitoring Environment, Users)]
6. Formal verification methods
- Theorem proving: R. Floyd 1967, C. A. R. Hoare 1969
  - Hoare logic: {Pre} Program {Post}
  - Inference rules
- Model checking: E. M. Clarke, E. A. Emerson 1980; J. P. Queille, J. Sifakis 1982
  - Analysis of reachable states
7. Hybrid verification techniques
- Model based testing
- Extended static analysis
- Runtime verification
- Compound structured testing
- Auxiliary
  - Symbolic execution
  - Abstract interpretation
  - Constraint inference
  - Constraint resolution
[Diagram: the hybrid techniques placed between Testing, Formal models, Monitoring and Static analysis]
8. Symbolic execution
- J. C. King 1976, L. A. Clarke 1976
- Example program and the path conditions symbolic execution derives from it (the assignment operators and the `+` in `x + 2` / `x + 1` were lost in extraction and are reconstructed here):

```c
if (x > 0)        y = x + 2;
else if (x > -1)  y = x + 1;
else              y = x;
```

Path conditions with the value of y on each path:

- (x > 0) → (y = x + 2)
- (x ≤ 0 ∧ x > -1) → (y = x + 1)
- (x ≤ -1) → (y = x)
9. Abstract interpretation
- P. Cousot, R. Cousot 1977
- Abstract domains
  - Octagons: ±x ± y ≤ a
  - Polyhedra
  - Heap structures
  - Bit vectors
- Example: a loop condition over concrete values is abstracted to a single Boolean B (the comparison and assignment operators were lost in extraction; `!=`, `<` and `=` are assumed here):

```c
... while ((x != 0) && (2*f(x) < z*g(y/2.5))) { ... x = ...; } ...
```

becomes

```c
... while (B) { ... B = false; ... } ...
```
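The slide lists octagons, polyhedra, heap and bit-vector domains; the example below, which is added here and is not from the talk, uses the simplest relative of those domains, intervals, to show the mechanics every abstract domain shares: an abstract transformer per statement, a join at the loop head, widening to force termination, and a narrowing pass to recover precision. The analysed loop `x = 0; while (x < n) { x = x + 1; }` is constructed for the example.

```python
# Abstract interpretation on the interval domain with widening and one narrowing pass.
# Added example, not from the talk. The analysed loop is constructed:
#     x = 0; while (x < n) { x = x + 1; }
import math

INF = math.inf
BOT = None                          # the empty interval: the point is unreachable

def join(a, b):
    """Least upper bound of two intervals."""
    if a is BOT: return b
    if b is BOT: return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):
    """Interval widening: a bound that is still moving jumps straight to infinity,
    which guarantees the ascending iteration terminates on any loop."""
    if old is BOT: return new
    if new is BOT: return old
    return (old[0] if new[0] >= old[0] else -INF,
            old[1] if new[1] <= old[1] else INF)

def add_const(iv, c):
    """Abstract transformer of the statement x = x + c."""
    return BOT if iv is BOT else (iv[0] + c, iv[1] + c)

def assume_lt(iv, n):
    """Refine x by the loop test x < n (the branch that enters the body)."""
    if iv is BOT: return BOT
    lo, hi = iv[0], min(iv[1], n - 1)
    return BOT if lo > hi else (lo, hi)

def assume_ge(iv, n):
    """Refine x by x >= n (the branch that leaves the loop)."""
    if iv is BOT: return BOT
    lo, hi = max(iv[0], n), iv[1]
    return BOT if lo > hi else (lo, hi)

def analyze(n, use_widening=True, max_iter=10_000):
    """Interval of x at the loop head and at the loop exit for the constructed loop.
    Returns (head_interval, exit_interval, ascending_iterations)."""
    head = (0, 0)                                   # x = 0 on loop entry
    for it in range(1, max_iter + 1):
        body = add_const(assume_lt(head, n), 1)     # effect of one loop iteration
        new = join((0, 0), body)                    # entry edge joined with the back edge
        if use_widening:
            new = widen(head, new)
        if new == head:
            break                                   # fixpoint reached
        head = new
    else:
        raise RuntimeError("no fixpoint reached within max_iter")
    if use_widening:
        # One narrowing pass: re-evaluate the head once without widening to win back
        # the precision that the jump to infinity threw away.
        head = join((0, 0), add_const(assume_lt(head, n), 1))
    return head, assume_ge(head, n), it

if __name__ == "__main__":
    print(analyze(10))                      # ((0, 10), (10, 10), 2)
    print(analyze(10, use_widening=False))  # ((0, 10), (10, 10), 11)
```

With widening the analysis converges in two iterations regardless of `n`, and the narrowing pass still reports the exact bound `x = n` at the exit; without widening the iteration count grows with `n`, which is the reason real analysers such as the ones the slide names cannot do without it.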
10. Constraint inference
- Daikon 1999, MIT, M. D. Ernst, http://groups.csail.mit.edu/pag/daikon/
  - Inferred invariant kinds: comparisons (=, ≠, <, ≤), linear relations ax + by + cz + d = 0, non-linear relations such as x = y², set relations (membership, containment A ⊆ B), subsequence, no duplicates, reverse
- Houdini 2001, Flanagan, Leino
- DIDUCE 2002, Stanford University
- Agitator 2003, Agitar
- DySy 2007, Tillmann, Csallner, Smaragdakis
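To make the "constraint inference" idea concrete, here is an added example (not Daikon's code, and much smaller than it) of dynamic invariant detection in Daikon's style: candidate invariants over the variables seen at a program point are instantiated up front, every recorded sample kills the candidates it violates, and the survivors are reported. The instrumented loop and the candidate families (signs, constants, comparisons, small linear relations) are constructed for the example.

```python
# Dynamic invariant inference in the style of Daikon. Added example, not Daikon's code.
from itertools import combinations, product

def candidate_invariants(names, first):
    """(description, predicate) pairs over the variables `names`. `first` is the first
    sample, used to seed constant candidates such as `n == 5` the way Daikon does."""
    cands = []
    for v in names:
        cands.append((f"{v} >= 0", lambda s, v=v: s[v] >= 0))
        cands.append((f"{v} == {first[v]}", lambda s, v=v, c=first[v]: s[v] == c))
    for x, y in combinations(names, 2):
        cands += [
            (f"{x} == {y}", lambda s, x=x, y=y: s[x] == s[y]),
            (f"{x} < {y}", lambda s, x=x, y=y: s[x] < s[y]),
            (f"{y} < {x}", lambda s, x=x, y=y: s[y] < s[x]),
        ]
        # linear relations y == a*x + b over a small coefficient range
        for a, b in product(range(-3, 4), range(-3, 4)):
            if a != 0:
                cands.append((f"{y} == {a}*{x} + {b}",
                              lambda s, x=x, y=y, a=a, b=b: s[y] == a * s[x] + b))
    return cands

def infer(samples):
    """Descriptions of every candidate that holds on all recorded samples."""
    names = sorted(samples[0])
    return [d for d, p in candidate_invariants(names, samples[0])
            if all(p(s) for s in samples)]

def instrumented_loop(n, samples):
    """Constructed program under analysis; records its variables at the loop head."""
    for i in range(n):
        j = 2 * i + 1
        samples.append({"i": i, "j": j, "n": n})

def invariants_for(runs):
    """Run the constructed program once per value in `runs`, pooling the samples."""
    samples = []
    for n in runs:
        instrumented_loop(n, samples)
    return infer(samples)

if __name__ == "__main__":
    print(invariants_for([5]))      # includes the spurious 'n == 5'
    print(invariants_for([5, 7]))   # 'n == 5' is gone; 'j == 2*i + 1' and 'i < n' remain
```

The second run shows the property Daikon's users learn first: an invariant is only as good as the test suite that produced the trace, and a single run reports the constant `n == 5` as if it were a law of the program. That is why the tools listed after Daikon on the slide (Houdini, DySy) feed the inferred candidates into a checker or a symbolic engine instead of trusting them outright.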
11. Constraint resolution
- SAT solvers: DPLL algorithm 1962
- SMT solvers: Satisfiability Modulo Theories
  - CVC 2002, Stanford (D. L. Dill, C. W. Barrett, A. Stump)
  - Yices 2005, SRI International (B. Dutertre, L. de Moura)
  - Z3 2006, Microsoft Research (L. de Moura, N. S. Bjørner)
- SMT-LIB: http://combination.cs.uiowa.edu/smtlib/
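The DPLL procedure the slide dates to 1962 is short enough to show in full. The following is an added example, not code from the talk or from any solver it names: a textbook DPLL over CNF with unit propagation, pure-literal elimination and chronological backtracking, plus an independent checker for the model it returns. The formulas are constructed; `SLIDE_FORMULA` is the Boolean formula from the later "Solvers integration" slide written in DIMACS style.

```python
# DPLL SAT solver over CNF. Added example, not from the talk or any listed tool.
# Clauses are lists of non-zero ints in DIMACS style: 3 means x3, -3 means NOT x3.

def simplify(clauses, lit):
    """Assume `lit` is true: drop the clauses it satisfies, delete -lit from the rest."""
    return [[l for l in c if l != -lit] for c in clauses if lit not in c]

def dpll(clauses, assignment=None):
    """Return a satisfying assignment {var: bool}, or None if the CNF is unsatisfiable."""
    assignment = dict(assignment or {})
    # 1. Unit propagation: a one-literal clause forces that literal.
    while True:
        if any(len(c) == 0 for c in clauses):
            return None                      # empty clause: conflict on this branch
        units = [c[0] for c in clauses if len(c) == 1]
        if not units:
            break
        lit = units[0]
        assignment[abs(lit)] = lit > 0
        clauses = simplify(clauses, lit)
    # 2. Pure-literal elimination: a variable occurring with one polarity only
    #    can be set to satisfy all its clauses without losing any model.
    lits = {l for c in clauses for l in c}
    for l in [l for l in lits if -l not in lits]:
        assignment[abs(l)] = l > 0
        clauses = simplify(clauses, l)
    if not clauses:
        return assignment                    # every clause satisfied
    # 3. Branch: try the first literal of the first clause, then its negation.
    lit = clauses[0][0]
    for choice in (lit, -lit):
        result = dpll(simplify(clauses, choice), {**assignment, abs(choice): choice > 0})
        if result is not None:
            return result
    return None

def check(clauses, assignment):
    """Independent model check: each clause has a literal made true (unassigned
    variables read as False)."""
    return all(any(assignment.get(abs(l), False) == (l > 0) for l in c) for c in clauses)

# Constructed formulas: the (x1 OR x2) AND (x1 OR x3) from the "Solvers integration"
# slide, one that needs backtracking, and an unsatisfiable one.
SLIDE_FORMULA = [[1, 2], [1, 3]]
BACKTRACK_FORMULA = [[1, 2], [-1, 3], [-3, -2]]
UNSAT_FORMULA = [[1, 2], [-1, 2], [1, -2], [-1, -2]]

if __name__ == "__main__":
    for f in (SLIDE_FORMULA, BACKTRACK_FORMULA, UNSAT_FORMULA):
        print(f, "->", dpll(f))
```

An SMT solver such as the CVC, Yices and Z3 entries on the slide keeps this Boolean skeleton and adds a theory solver that checks whether the atoms assigned true are jointly consistent in, say, linear integer arithmetic; the `check` function here is the Boolean-only form of that consistency test.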
12. Hybrid verification techniques
- Model based testing
- Extended static analysis
- Runtime verification
- Compound structured testing
13. Model based testing (MBT)
- FSM-based testing: F. C. Hennie 1964, M. P. Wasilevsky 1973
[Diagram: Test action generator, Adequacy metric, Adequacy criteria, System under test, State model and oracle, State model, Behavior model]
14. Model based testing tools
- Automata (FSM, LTS, ASM)
  - TGV 1997, INRIA, T. Jéron et al., http://www.inrialpes.fr/vasy/cadp/man/tgv.html
  - TorX 1999, University of Twente, J. Tretmans et al., http://fmt.cs.utwente.nl/tools/torx/introduction.html
  - Gotcha-TCBeans 1999, IBM Research, A. Hartman et al.
- Automata + software contracts
  - UniTESK 2000, ISP RAS, A. Petrenko et al., http://www.unitesk.com
  - SpecExplorer 2004, Microsoft Research, W. Schulte et al., symbolic execution, http://research.microsoft.com/en-us/projects/SpecExplorer/
15. Next generation of MBT tools
- ModelJUnit 2004, Waikato University, M. Utting et al., http://czt.sourceforge.net/modeljunit/index.html
- NModel 2007, Univ. of Washington and Microsoft Research, J. Jacky, M. Veanes et al., http://nmodel.codeplex.com/
16. NModel example (part I)

The `==` and `=` operators and the brackets of the `[Feature]` and `[Action]` attributes were lost in extraction and are restored below; the `Socket` and `Phase` enumerations are not shown on the slides.

```csharp
namespace ClientServer
{
    [Feature]
    public partial class Server
    {
        public static Socket serverSocket = Socket.None;
        public static Phase phase = Phase.Send;

        public static bool ServerSocketEnabled() { return (serverSocket == Socket.None); }
        [Action] public static void ServerSocket() { serverSocket = Socket.Created; }

        public static bool ServerBindEnabled() { return (serverSocket == Socket.Created); }
        [Action] public static void ServerBind() { serverSocket = Socket.Bound; }

        public static bool ServerListenEnabled() { return (serverSocket == Socket.Bound); }
        [Action] public static void ServerListen() { serverSocket = Socket.Listening; }

        public static bool ServerAcceptEnabled() { return (serverSocket == Socket.Listening); }
        [Action] public static void ServerAccept() { serverSocket = Socket.Connected; }
    }
}
```

17. NModel example (part II)

```csharp
[Feature]
public partial class Client
{
    public static Socket clientSocket = Socket.None;
    public static double clientBuffer = double.MaxValue;

    public static bool ClientSocketEnabled() { return (clientSocket == Socket.None); }
    [Action] public static void ClientSocket() { clientSocket = Socket.Created; }

    public static bool ClientConnectEnabled() { return (clientSocket == Socket.Created); }
    [Action] public static void ClientConnect() { clientSocket = Socket.Connecting; }

    public static bool ClientSendEnabled() { return (clientSocket == Socket.Connected); }
    [Action] public static void ClientSend() { phase = Phase.ServerReceive; }

    public static bool ClientReceiveEnabled() { return (clientSocket == Socket.Connected); }
    [Action] public static double ClientReceive(double datum) { clientBuffer = datum; return datum; }
}
```

18. NModel example (part III)

```csharp
[Feature]
public partial class Server
{
    public static bool ClientConnectEnabled() { return (serverSocket == Socket.Listening); }

    public static bool ClientSendEnabled() { return (phase == Phase.Send); }
    [Action] public static void ClientSend() { phase = Phase.ServerReceive; }

    public static bool ClientReceiveEnabled() { return (phase == Phase.ClientReceive); }
    [Action] public static void ClientReceive() { phase = Phase.Send; }
}

[Feature]
class Values2
{
    readonly static Set<double> Values = new Set<double>(99.9, 100.0);
}
```

19. NModel example (part IV)

```csharp
[Feature]
public partial class Client
{
    public static bool ServerAcceptEnabled() { return (clientSocket == Socket.Connecting); }
    [Action] public static void ServerAccept() { clientSocket = Socket.Connected; }
}
```
20. NModel example: composition
[Diagram: composition of the Server and Client features]
21. Test targeting based on composition
[Diagram]
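The NModel parts above are a model program: static state, an enabling condition per action, and the composition rule that an action runs only when every feature that mentions it enables it. The example below is added here and is neither the talk's nor NModel's code; it re-expresses the client/server model in Python, explores the composed state space, generates an action sequence that covers every action (the adequacy criterion), and runs it against a constructed toy implementation with the model acting as oracle. One action, `ServerReceive`, is assumed: it is not on the slides but is needed to move `phase` from `ServerReceive` to `ClientReceive` so the cycle closes.

```python
# Model-based testing in the style of the NModel ClientServer sample. Added example,
# not the talk's or NModel's own code. ServerReceive is an assumed action (see lead-in).
from collections import deque

# Model state: (serverSocket, clientSocket, phase)
INIT = ("None", "None", "Send")

# name -> (enabling condition, action). The Server and Client features are composed:
# an action is enabled only when every feature's enabling condition for it holds.
ACTIONS = {
    "ServerSocket":  (lambda s: s[0] == "None",      lambda s: ("Created",   s[1], s[2])),
    "ServerBind":    (lambda s: s[0] == "Created",   lambda s: ("Bound",     s[1], s[2])),
    "ServerListen":  (lambda s: s[0] == "Bound",     lambda s: ("Listening", s[1], s[2])),
    "ServerAccept":  (lambda s: s[0] == "Listening" and s[1] == "Connecting",
                      lambda s: ("Connected", "Connected", s[2])),
    "ClientSocket":  (lambda s: s[1] == "None",      lambda s: (s[0], "Created", s[2])),
    "ClientConnect": (lambda s: s[1] == "Created" and s[0] == "Listening",
                      lambda s: (s[0], "Connecting", s[2])),
    "ClientSend":    (lambda s: s[1] == "Connected" and s[2] == "Send",
                      lambda s: (s[0], s[1], "ServerReceive")),
    "ServerReceive": (lambda s: s[2] == "ServerReceive",          # assumed action
                      lambda s: (s[0], s[1], "ClientReceive")),
    "ClientReceive": (lambda s: s[1] == "Connected" and s[2] == "ClientReceive",
                      lambda s: (s[0], s[1], "Send")),
}

def explore(init=INIT):
    """Breadth-first exploration of the composed model. Returns (states, edges)."""
    seen, edges, queue = {init}, [], deque([init])
    while queue:
        s = queue.popleft()
        for name, (enabled, step) in ACTIONS.items():
            if enabled(s):
                t = step(s)
                edges.append((s, name, t))
                if t not in seen:
                    seen.add(t)
                    queue.append(t)
    return seen, edges

def generate_test(init=INIT):
    """Adequacy criterion: every action executed at least once. Repeatedly walks to the
    nearest transition whose action is still uncovered; returns the action sequence."""
    succ = {}
    for s, a, t in explore(init)[1]:
        succ.setdefault(s, []).append((a, t))
    uncovered, state, seq = set(ACTIONS), init, []
    while uncovered:
        prev, queue, found = {state: None}, deque([state]), None
        while queue and found is None:
            s = queue.popleft()
            for a, t in succ.get(s, []):
                if a in uncovered:
                    found = (s, a, t)
                    break
                if t not in prev:
                    prev[t] = (s, a)
                    queue.append(t)
        if found is None:
            break                          # remaining actions unreachable from here
        s, a, t = found
        path = []
        while s != state:                  # walk the BFS tree back to the current state
            s, act = prev[s]
            path.append(act)
        seq += path[::-1] + [a]
        uncovered -= set(seq)
        state = t
    return seq

class Impl:
    """Constructed implementation under test; buggy=True plants a phase bug."""
    def __init__(self, buggy=False):
        self.server, self.client, self.phase, self.buggy = "None", "None", "Send", buggy
    def ServerSocket(self):  self.server = "Created"
    def ServerBind(self):    self.server = "Bound"
    def ServerListen(self):  self.server = "Listening"
    def ServerAccept(self):  self.server = self.client = "Connected"
    def ClientSocket(self):  self.client = "Created"
    def ClientConnect(self): self.client = "Connecting"
    def ClientSend(self):    self.phase = "ServerReceive"
    def ServerReceive(self): self.phase = "ClientReceive"
    def ClientReceive(self): self.phase = "ClientReceive" if self.buggy else "Send"
    def state(self):         return (self.server, self.client, self.phase)

def run_test(impl, seq, init=INIT):
    """Model as oracle: after every action the implementation's observable state must
    equal the model's. Returns (passed, index of the first failing action or None)."""
    s = init
    for i, name in enumerate(seq):
        s = ACTIONS[name][1](s)
        getattr(impl, name)()
        if impl.state() != s:
            return False, i
    return True, None

if __name__ == "__main__":
    seq = generate_test()
    print(len(explore()[0]), "reachable states;", "test:", seq)
    print("correct impl:", run_test(Impl(), seq), " buggy impl:", run_test(Impl(buggy=True), seq))
```

Composition is what makes `ClientConnect` wait for the server to be listening and `ServerAccept` wait for a connecting client: neither restriction is in the Server feature alone or the Client feature alone, which is the point of slides 18 and 19. The same explorer, given a different adequacy criterion (state coverage, a particular target state), is the "test targeting based on composition" of slide 21.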
22. Extended static checking
- G. Nelson, J. B. Saxe et al. 1991
- Search for bugs
- Sound analysis
[Diagram: Requirements/Rules, Source Code, Analysis Tool, Behavior model, Provers, Solvers, Model Checkers]
23. Extended static checking tools
- ESC/Modula-3 1995, DEC, G. Nelson, J. B. Saxe, K. R. M. Leino, D. Detlefs
- ESC/Java 2000, Compaq, K. R. M. Leino, C. Flanagan
- ASTREE 2002, CNRS, P. Cousot, http://www.astree.ens.fr/
- ESC/Java2 2004, http://kind.ucd.ie/products/opensource/ESCJava2/
  - Simplify
- Spec# Checker 2004, Microsoft Research, K. R. M. Leino, http://research.microsoft.com/SpecSharp/
  - Boogie
- Calysto 2008, University of British Columbia
24. Solvers integration (the operators in the formulas were lost in extraction and are reconstructed here)
- Boolean satisfiability (SAT): (x1 ∨ x2) ∧ (x1 ∨ x3)
- Linear integer arithmetic: x1 < x2 + 3
- Floating-point arithmetic: x1 + x2 = 2.5
- Polyhedra: 0.2x1 + 3x3 > x2 + 3.7x4
- Ellipsoids: 2x1² + 1.3x2² ≤ 76.9
- Heap structures: x1→p→p = x2→p
25. Automatic model refinement
- Counterexample guided abstraction refinement (CEGAR): E. M. Clarke, O. Grumberg et al. 2000; T. Ball, S. K. Rajamani 2000
- Example: a loop over concrete counters and its predicate abstraction over the single Boolean b ≡ (nPackets == nPacketsOld). The assignment and comparison operators, the `++`, and the `: *` branch of the abstracted assignment were lost in extraction and are reconstructed here; `*` is the nondeterministic choice of the standard Boolean-program form.

```c
do {
    nPacketsOld = nPackets;
    ...
    if (request) {
        ...
        nPackets++;
    }
} while (nPackets != nPacketsOld);
```

```c
do {
    b = true;
    ...
    if (request) {
        ...
        b = b ? false : *;   /* '*': either value, the abstraction cannot tell */
    }
} while (!b);
```
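Where does `b = b ? false : *` come from? The abstract effect of each concrete statement on the predicate is computed by asking a prover, for each pre-value of `b`, which post-values are feasible. The example below is added here and is not SLAM's or the talk's code; it replaces the prover with brute-force enumeration over a small constructed domain of counter values, derives the same Boolean program as the slide, and then model-checks that Boolean program by explicit-state exploration, keeping predecessor links so that a counterexample trace can be reconstructed when a property fails.

```python
# Predicate abstraction of the slide's loop, computed by enumeration, followed by
# explicit-state exploration of the resulting Boolean program. Added example, not SLAM's
# or the talk's code: enumeration over DOMAIN replaces the theorem prover.
from itertools import product
from collections import deque

DOMAIN = range(0, 6)   # constructed: enough concrete values to exercise the one predicate

def b(n_packets, n_packets_old):
    """The abstraction predicate: b == (nPackets == nPacketsOld)."""
    return n_packets == n_packets_old

def stmt_save(n, n_old):          # nPacketsOld = nPackets;
    return (n, n)

def stmt_increment(n, n_old):     # nPackets++;
    return (n + 1, n_old)

def abstract(stmt):
    """Abstract transformer of `stmt` over predicate b: for each pre-value of b, the
    set of post-values that some concrete state in DOMAIN can produce."""
    table = {True: set(), False: set()}
    for n, n_old in product(DOMAIN, DOMAIN):
        table[b(n, n_old)].add(b(*stmt(n, n_old)))
    return table

def boolean_program_successors(state, abs_save, abs_inc):
    """Transitions of the slide's Boolean program. State = (pc, b).
    pc 0: b = true;   pc 1: if (request), request unknown;   pc 2: b = b ? false : *;
    pc 3: while (!b) test;   pc 4: loop exit."""
    pc, bv = state
    if pc == 0: return [(1, nb) for nb in abs_save[bv]]
    if pc == 1: return [(2, bv), (3, bv)]             # both branches of the if
    if pc == 2: return [(3, nb) for nb in abs_inc[bv]]
    if pc == 3: return [(4, bv)] if bv else [(0, bv)]
    return []                                          # pc 4: terminated

def reachable(initial_states, successors):
    """BFS over abstract states; returns {state: predecessor} for trace reconstruction."""
    pred = {s: None for s in initial_states}
    queue = deque(initial_states)
    while queue:
        s = queue.popleft()
        for t in successors(s):
            if t not in pred:
                pred[t] = s
                queue.append(t)
    return pred

def trace_to(pred, state):
    """Path from an initial state to `state`; this is the counterexample when `state`
    violates the property being checked."""
    path = []
    while state is not None:
        path.append(state)
        state = pred[state]
    return path[::-1]

def analyze_loop():
    """Property: whenever the loop exits, nPackets == nPacketsOld, i.e. b holds at pc 4."""
    abs_save, abs_inc = abstract(stmt_save), abstract(stmt_increment)
    succ = lambda s: boolean_program_successors(s, abs_save, abs_inc)
    pred = reachable([(0, True), (0, False)], succ)    # b is unknown on entry
    violations = [s for s in pred if s[0] == 4 and not s[1]]
    return {"holds": not violations,
            "states": sorted(pred),
            "exit_trace": trace_to(pred, (4, True)),
            "counterexample": trace_to(pred, violations[0]) if violations else None}

if __name__ == "__main__":
    print(abstract(stmt_increment))   # {True: {False}, False: {True, False}}: the slide's b ? false : *
    print(analyze_loop())
```

The transformer table for `nPackets++` is exactly the slide's `b ? false : *`: from `b == true` the increment always breaks the equality, from `b == false` it may or may not restore it. If the exploration had found an exit state with `b == false`, `counterexample` would hold the abstract trace that CEGAR then replays on the concrete program to decide whether it is real or whether a new predicate is needed.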
26. Automatic model refinement II
[Diagram: Model Checking, Correctness Rules, Behavior Model, Counterexample, Model Refinement, Test Data and Scenario, Code under check, Refutation, Approval, Bug!]
27. Automatic model refinement tools
- SLAM 2001, Microsoft Research, T. Ball, S. K. Rajamani et al., http://research.microsoft.com/en-us/projects/slam/
- Static Driver Verifier 2007, Microsoft, http://www.microsoft.com/whdc/devtools/tools/sdv.mspx
- BLAST 2003, UC Berkeley, T. A. Henzinger, R. Jhala, R. Majumdar, G. Sutre, http://mtc.epfl.ch/software-tools/blast/
- MAGIC 2003, SCS Carnegie Mellon, E. M. Clarke, S. Chaki et al., http://www.cs.cmu.edu/chaki/magic/
28. Runtime verification
- K. Havelund, W. Visser 1999
- Java PathFinder
  - symbolic execution
  - test generation
  - http://javapathfinder.sourceforge.net/
[Diagram: System under check, Monitoring Environment, State model and oracle, Behavior model]
29. Compound structured testing
- ??? 2003-2004
- Targeting to cover various paths in source/byte code
- Test oracle
  - No exceptions: NullPointer, IndexOutOfBounds, ClassCast, DivideByZero, IllegalArgument
  - Annotations and formal models
- Test data and sequences generation
  - Random
  - Symbolic execution + constraint resolution
  - State abstraction
  - Heuristic search
30. Crashers
- Y. Smaragdakis, C. Csallner
  - JCrasher 2004
  - Check-n-Crash 2005
  - DSD-Crasher 2006, http://ranger.uta.edu/csallner/dsd-crasher/
[Diagram: Daikon, ESC/Java2, solver]
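The "no exceptions" oracle of slide 29 combined with random generation is the whole idea of JCrasher. The example below is added here and is not the tool's code: it generates random inputs for a function, treats the exception the function's contract declares as legitimate, and reports any other exception as a crash together with the smallest witness seen. The target function and its planted division-by-zero bug are constructed for the example.

```python
# Random-testing "crasher" in the style of JCrasher. Added example, not the tool's code.
import random

def parse_range(spec):
    """Constructed target. Contract: accepts "lo-hi" with decimal digits and raises
    ValueError on anything else. The latent bug: it divides by (hi - lo)."""
    lo, hi = spec.split("-")                  # ValueError unless exactly one '-'
    if not (lo.isdigit() and hi.isdigit()):
        raise ValueError(f"bad range spec: {spec!r}")
    return 100 // (int(hi) - int(lo))         # ZeroDivisionError when lo == hi

def random_spec(rng, max_len=5):
    """Random input generator over a small alphabet that can form valid specs."""
    alphabet = "0123456789-x"
    return "".join(rng.choice(alphabet) for _ in range(rng.randint(0, max_len)))

def crash_search(fn, gen, allowed, trials=20000, seed=1):
    """Run `fn` on `trials` random inputs from `gen`. Exceptions of type `allowed` are
    part of the contract (a declared exception in JCrasher's terms); anything else is
    a crash. Returns {exception_name: shortest_witness_seen}."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(trials):
        arg = gen(rng)
        try:
            fn(arg)
        except allowed:
            continue                          # expected by the contract, not a bug
        except Exception as exc:              # unexpected: keep the shortest witness
            name = type(exc).__name__
            if name not in crashes or len(arg) < len(crashes[name]):
                crashes[name] = arg
    return crashes

if __name__ == "__main__":
    print(crash_search(parse_range, random_spec, ValueError))   # e.g. {'ZeroDivisionError': '4-4'}
```

The generator is deliberately biased toward the input grammar (digits and `-`) so that random search reaches the buggy branch in a few thousand trials; with a uniform byte generator the same bug would almost never be hit, which is the gap that Check-n-Crash and DSD-Crasher close by letting ESC/Java2 and a solver propose the inputs instead.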
31. Directed automated random testing (DART)
- P. Godefroid, G. Agha, K. Sen 2005
- CUTE 2005: concolic testing (concrete + symbolic)
- jCUTE 2006
[Diagram: Program, Execution, Symbolic Execution, Looking for new paths, Tests]
32. DART II
- SAGE 2007
- Pex 2007, N. Tillmann, W. Schulte, J. de Halleux, http://research.microsoft.com/Pex/default.aspx
- SAGE example: successive generations of a 100-byte input, one hex dump per generation on the original slide (abridged here to the bytes that change from one generation to the next):
  - Generation 0: initial input, 100 bytes of 00
  - Generation 1: offset 0x00 = 52 49 46 46 ("RIFF")
  - Generation 2: offset 0x08 = 20 00 00 00
  - Generation 3: offset 0x04 = 3D 00 00 00
  - Generation 4: offset 0x34 = 73 74 72 68 ("strh")
  - Generation 5: offset 0x3C = 76 69 64 73 ("vids")
  - Generation 6: offset 0x44 = 73 74 72 66 ("strf")
  - Generation 7: offset 0x4C = 28 00 00 00
  - Generation 8: offset 0x5C = C9 9D E4 4E
  - Generation 9: offset 0x5C = 01 00 00 00
  - Generation 10: offset 0x48 = B2 75 76 3A; bug ID 1212954973! Found after only 3 generations starting from well-formed seed file
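Slide 8 shows the path conditions symbolic execution extracts from a three-way branch; slides 31 and 32 show DART and SAGE using those conditions to steer concrete runs toward unexplored paths, one negated constraint at a time. The example below is added here and is not from the talk or from DART, SAGE or Pex; it serves all three slides at once. A small value class runs the slide-8 program concretely while logging the comparisons it passes through, every logged constraint is then negated in turn with its prefix kept (SAGE's generational search over DART's concrete-plus-symbolic run), and a brute-force search over a small integer range stands in for the constraint solver. The `+` in `x + 2` / `x + 1` is assumed, as it was lost in extraction.

```python
# Concolic execution (DART's concrete + symbolic strategy, with SAGE's generational search)
# over the if/else program from the symbolic-execution slide. Added example, not from the
# talk or from DART/SAGE/Pex. The '+' operators in the program are assumed.

class Sym:
    """An integer that executes concretely while logging comparisons as path constraints."""
    def __init__(self, value, trace):
        self.value, self.trace = value, trace    # trace: shared list of ((op, const), outcome)
    def __gt__(self, other):
        outcome = self.value > other
        self.trace.append(((">", other), outcome))
        return outcome
    def __add__(self, other):
        return Sym(self.value + other, self.trace)

def program(x):
    """The slide's example program; works on plain ints and on Sym."""
    if x > 0:
        y = x + 2
    elif x > -1:
        y = x + 1
    else:
        y = x
    return y

def run(x_value):
    """One concrete run that also yields the path condition as a list of constraints."""
    trace = []
    y = program(Sym(x_value, trace))
    return y.value, trace

def solve(constraints, lo=-10, hi=10):
    """Brute-force stand-in for an SMT solver: first x in [lo, hi] meeting all constraints."""
    for x in range(lo, hi + 1):
        if all((x > c) == outcome for (_, c), outcome in constraints):
            return x
    return None

def concolic(start=0):
    """Generational search: from each explored input, negate every constraint of its path
    condition (keeping the prefix before it), solve for a new input, and explore that.
    Returns {path_condition: (input, output)} for every distinct path found."""
    paths, seen, worklist = {}, set(), [start]
    while worklist:
        x = worklist.pop()
        if x in seen:
            continue
        seen.add(x)
        y, trace = run(x)
        paths[tuple(trace)] = (x, y)
        for i in range(len(trace)):
            pred, outcome = trace[i]
            child = solve(trace[:i] + [(pred, not outcome)])   # flip the i-th branch
            if child is not None and child not in seen:
                worklist.append(child)
    return paths

if __name__ == "__main__":
    for pc, (x, y) in concolic().items():
        print(pc, "->", "x =", x, "y =", y)
```

Starting from the single input `x = 0`, the search discovers all three paths of the slide-8 program, and the path condition attached to each one is the same formula slide 8 lists. The SAGE dumps on slide 32 are the same loop run on bytes instead of integers: each generation is one negated constraint of a file parser, which is why the "RIFF", "strh", "vids" and "strf" tags appear one generation at a time.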
33. State abstraction
- EXE 2005, Stanford Univ., D. Dill, D. Engler et al.
- Randoop 2007, MIT and MS Research, T. Ball, M. D. Ernst, C. Pacheco, S. Lahiri, http://people.csail.mit.edu/cpacheco/randoop/1.2/doc/
34. Conclusion: new landscape
- Modern verification tools
  - Use basic services of component technologies
  - Integrate a lot of techniques
  - Become highly modular
  - Can be modules of each other
- Next step: integration frameworks?
  - Java PathFinder
  - Bogor, http://bogor.projects.cis.ksu.edu/
  - Microsoft RiSE, http://research.microsoft.com/en-us/um/redmond/groups/rise/