CSV 889: Concurrent Software Verification
Subodh Sharma, Indian Institute of Technology Delhi
Symbolic Execution
Runtime Verification vs Symbolic Execution
Courtesy: Zvonimir's slides from the SV 2012 course
Key developments
• King, CACM 1976
• Still an active area of research:
  – CUTE [UIUC]
  – KLEE [Stanford]
  – Java PathFinder [NASA]
  – ...
Nuts and Bolts of Symbolic Execution
• Treat the values of (input) variables as symbolic
• For each program path, collect the constraints over symbolic expressions that the path's branches impose
  – Known as the "Path Condition"
• Check feasibility at every branch
  – By using either SAT or SMT tools
  – Unsatisfiable branches are pruned as infeasible paths
• Fork into one state per feasible branch and proceed
Example I
Concrete execution: x = 3, y = 2
Symbolic execution: x = a, y = b
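The slide's own program is only in the picture, so the following is an added example, not code from the slides: a miniature symbolic executor in Python that does exactly the four steps listed under "Nuts and Bolts" (symbolic values, path conditions, feasibility check, fork). The program under test is constructed for this example (it is not the slide's Example I), as is the "solver": enumeration over a small integer domain stands in for a SAT/SMT tool. Running the same interpreter with x = 3, y = 2 instead of x = a, y = b shows that concrete execution is the special case in which the inputs are constants, so only one path survives.

```python
import re
from dataclasses import dataclass
from itertools import product

SYMBOLS = ("a", "b")       # the symbolic inputs standing for x and y
DOMAIN = range(-6, 7)      # finite domain: enumeration stands in for a SAT/SMT solver

# Program under test, as a tiny IR (constructed for this example, not the slide's program):
#   z = 2 * y
#   if x == z:      if x + y > 8: error()       else: return 1
#   else:           if z - 2 * y != 0: error()  else: return 0   <- this error() is unreachable
PROGRAM = [
    ("assign", "z", "2 * y"),
    ("if", "x == z",
        [("if", "x + y > 8", [("error",)], [("ret", "1")])],
        [("if", "z - 2 * y != 0", [("error",)], [("ret", "0")])]),
]

@dataclass
class Path:
    outcome: str   # "error" or "ret <expr>"
    pc: list       # path condition: conjunction of constraint strings over a, b
    model: dict    # one satisfying assignment of the symbols, i.e. a concrete test input

def substitute(expr, env):
    """Rewrite program variables into their current symbolic expressions."""
    return re.sub(r"\b[A-Za-z_]\w*\b",
                  lambda m: f"({env[m.group()]})" if m.group() in env else m.group(), expr)

def feasible(pc):
    """Brute-force 'solver': return a model for the path condition, or None if infeasible."""
    used = [s for s in SYMBOLS if any(re.search(rf"\b{s}\b", c) for c in pc)]
    for values in product(DOMAIN, repeat=len(used)):
        model = dict(zip(used, values))
        # eval is only acceptable here because every constraint string is produced by this executor
        if all(eval(c, {"__builtins__": {}}, model) for c in pc):
            return model
    return None

class Executor:
    def __init__(self):
        self.paths = []    # completed feasible paths
        self.pruned = 0    # branches whose path condition was unsatisfiable (never explored)

    def run(self, block, env, pc):
        for i, stmt in enumerate(block):
            kind = stmt[0]
            if kind == "assign":
                env = {**env, stmt[1]: substitute(stmt[2], env)}
            elif kind == "if":
                cond, rest = substitute(stmt[1], env), block[i + 1:]
                # fork: each successor is entered only if its path condition is satisfiable
                for guard, body in ((cond, stmt[2]), (f"not ({cond})", stmt[3])):
                    if feasible(pc + [guard]) is None:
                        self.pruned += 1
                    else:
                        self.run(body + rest, env, pc + [guard])
                return
            elif kind == "error":
                self.paths.append(Path("error", pc, feasible(pc)))
                return
            elif kind == "ret":
                self.paths.append(Path("ret " + substitute(stmt[1], env), pc, feasible(pc)))
                return

def symbolic_run(program=PROGRAM):
    """Symbolic execution: x = a, y = b."""
    ex = Executor()
    ex.run(program, {"x": "a", "y": "b"}, [])
    return ex

def concrete_run(x, y, program=PROGRAM):
    """Concrete execution is the special case where the inputs are constants."""
    ex = Executor()
    ex.run(program, {"x": str(x), "y": str(y)}, [])
    return ex

def crash_inputs(ex):
    """Concrete inputs that reach error(), one per feasible crashing path."""
    return [p.model for p in ex.paths if p.outcome == "error"]

if __name__ == "__main__":
    ex = symbolic_run()
    for p in ex.paths:
        print(p.outcome, "under", " and ".join(p.pc), "e.g.", p.model)
    print("pruned infeasible branches:", ex.pruned, "crash inputs:", crash_inputs(ex))
```

The symbolic run explores three paths and prunes the fourth: the guard `z - 2*y != 0` becomes `2*b - 2*b != 0` after substitution, which no assignment satisfies, so the second `error()` is never reported. The first `error()` is reachable and the solver's model (a = 6, b = 3) is a concrete crashing input; feeding it back through `concrete_run` reproduces the crash, which is the check a fuzzing or test-generation pipeline should always make before filing the finding.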
Problems with Symbolic Execution
• Constraints: solvers handle linear arithmetic well; the hard cases are
  – nonlinear arithmetic
  – higher-order functions
  – unknown data structure invariants
Example II
Courtesy: S. Anand, 2009
What constraints to generate for data structure updates?
Example II
Courtesy: S. Anand, 2009
Use data structure invariants
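The slide's answer to "what constraints to generate for data structure updates?" is to use the data structure's invariants. The standard way to do that for heap structures is lazy initialization: a symbolic reference field is left unconstrained until it is first dereferenced, and at that moment execution forks over null, a fresh node, or an alias of an already materialized node, keeping only the choices the invariant allows. The code below is an added example, not from the slides or from Anand's work: it symbolically executes a constructed `length(head)` over a singly linked list with and without an acyclicity invariant and counts the paths, bounding loop unrolling at a constructed limit of three node visits.

```python
UNINIT = "?"        # marker for a reference field that has not been initialized yet

def creates_cycle(nexts, owner, target):
    """Would setting nexts[owner] = target make node `owner` reachable from itself?"""
    seen, cur = set(), target
    while cur is not None and cur != UNINIT and cur not in seen:
        if cur == owner:
            return True
        seen.add(cur)
        cur = nexts[cur]
    return False

def choices(nexts, owner, acyclic):
    """Lazy-initialization choices for an uninitialized reference owned by node `owner`
    (owner None = the head pointer): null, a fresh node, or an alias of an existing node.
    With the acyclicity invariant, aliases that would close a cycle are dropped."""
    opts = [None, len(nexts)]                       # null, fresh node (index len(nexts))
    for j in range(len(nexts)):
        if not (acyclic and owner is not None and creates_cycle(nexts, owner, j)):
            opts.append(j)
    return opts

def length_paths(bound, acyclic):
    """Symbolically execute length(head) over every heap shape, unrolling at most
    `bound` node visits. The heap is a list `nexts` where nexts[i] is node i's `next`
    field: None (null), an int (another node) or UNINIT. Returns one
    (outcome, visits, heap) triple per completed path."""
    results = []

    def run(nexts, ref, owner, visited):
        if ref == UNINIT:                           # dereferencing a symbolic reference: fork
            for c in choices(nexts, owner, acyclic):
                new = list(nexts)
                if c == len(nexts):
                    new.append(UNINIT)              # fresh node, its own next still symbolic
                if owner is not None:
                    new[owner] = c                  # record the choice as a heap constraint
                run(new, c, owner, visited)
        elif ref is None:
            results.append(("length", visited, nexts))   # loop exits: list length = visits
        elif visited == bound:
            results.append(("bound", visited, nexts))    # unrolling limit hit (e.g. a cycle)
        else:
            run(nexts, nexts[ref], ref, visited + 1)     # follow ref.next

    run([], UNINIT, None, 0)
    return results

def count(results):
    """Number of completed paths and how many of them hit the unrolling bound."""
    return len(results), sum(1 for outcome, _, _ in results if outcome == "bound")

if __name__ == "__main__":
    for acyclic in (True, False):
        print("acyclic invariant:", acyclic, "-> (paths, bounded):", count(length_paths(3, acyclic)))
```

With the invariant, the executor produces exactly one heap shape per list length (0 to 3) plus one path that hits the bound; without it, every alias choice builds a cyclic list on which `length` never terminates, so most of the eleven paths end at the unrolling bound and report nothing useful. The invariant is what turns "a symbolic heap" into a finite, meaningful set of constraints, and dropping it is the usual reason a symbolic executor on pointer code either blows up or floods its reports with impossible shapes.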
Dealing with Functions
Goal: Find an input to crash the program
What is the total number of program paths leading to error()?
Key idea is to compute function summaries!
Courtesy: S. Anand, 2009
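The program behind "what is the total number of program paths leading to error()?" is only in the picture, so the following is an added example, not the slide's code or Anand's: a constructed program in the style of the classic summary example (a loop calling `is_positive` four times, then `if (cnt == 3) error()`), explored two ways. Inlining re-explores the callee's two paths at every call site, so the caller sees 2^4 = 16 paths; with a function summary (one precondition/return-value pair per callee path, computed once) each call contributes a single disjunctive constraint over a fresh return symbol, the caller forks only on its own branch, and the combinatorics move into the solver. As before, the "solver" is constructed: enumeration over a small domain.

```python
import re
from itertools import product

N = 4                       # calls to is_positive from top()
DOMAIN = (-1, 0, 1)         # small domain: enumeration stands in for an SMT solver

# Program under test (constructed for this example, not the slide's program):
#   int is_positive(int x) { if (x > 0) return 1; return 0; }
#   void top(int s[4]) {
#       int cnt = 0;
#       for (int i = 0; i < 4; i++) cnt += is_positive(s[i]);
#       if (cnt == 3) error();
#   }
# Summary of is_positive, computed once by symbolically executing the callee:
# one (precondition on the argument, return value) pair per callee path.
IS_POSITIVE_SUMMARY = [("{x} > 0", "1"), ("{x} <= 0", "0")]

def model(pc):
    """Brute-force 'solver': one satisfying assignment for the path condition, or None."""
    syms = sorted({s for c in pc for s in re.findall(r"\b[sr]\d+\b", c)})
    code = [compile(c, "<pc>", "eval") for c in pc]   # constraint strings are executor-generated
    for vals in product(DOMAIN, repeat=len(syms)):
        env = dict(zip(syms, vals))
        if all(eval(c, {"__builtins__": {}}, env) for c in code):
            return env
    return None

def explore_inlined():
    """Inline the callee at each call site: its two paths are re-explored per call, 2^N prefixes."""
    leaves = []                                      # (outcome, pc, model) per complete path
    def run(i, cnt, pc):
        if i < N:
            for pre, ret in IS_POSITIVE_SUMMARY:     # fork on the callee's own branches
                guard = pre.format(x=f"s{i}")
                if model(pc + [guard]) is not None:
                    run(i + 1, cnt + int(ret), pc + [guard])  # return value is concrete here
            return
        for outcome, cond in (("error", f"{cnt} == 3"), ("ok", f"{cnt} != 3")):
            m = model(pc + [cond])
            if m is not None:
                leaves.append((outcome, pc + [cond], m))
    run(0, 0, [])
    return leaves

def explore_compositional():
    """Plug the summary in as one disjunctive constraint per call site over a fresh
    return symbol r_i: top() forks only on its own branch, the solver does the rest."""
    pc, rets = [], []
    for i in range(N):
        arg, r = f"s{i}", f"r{i}"
        cases = [f"({pre.format(x=arg)} and {r} == {ret})" for pre, ret in IS_POSITIVE_SUMMARY]
        pc.append(" or ".join(cases))
        rets.append(r)
    cnt = " + ".join(rets)
    leaves = []
    for outcome, cond in (("error", f"{cnt} == 3"), ("ok", f"{cnt} != 3")):
        m = model(pc + [cond])
        if m is not None:
            leaves.append((outcome, pc + [cond], m))
    return leaves

def crash_inputs(leaves):
    """Concrete s[] values that reach error(), read off each crashing path's model."""
    return [{k: v for k, v in m.items() if k.startswith("s")} for o, _, m in leaves if o == "error"]

def run_top(s):
    """Concrete oracle: what the program under test does on input s."""
    return "error" if sum(1 for x in s if x > 0) == 3 else "ok"

if __name__ == "__main__":
    inl, comp = explore_inlined(), explore_compositional()
    print("inlined: paths", len(inl), "crash inputs", crash_inputs(inl))
    print("compositional: paths", len(comp), "crash inputs", crash_inputs(comp))
```

Inlining ends with 16 complete paths, four of which reach `error()` (one per position of the non-positive element); the compositional run ends with two paths and one solver model that crashes the program, and the concrete oracle confirms every reported input. The count of executor paths drops from exponential to linear in the number of calls, which is the point of summaries; the cost does not vanish, it is handed to the solver as disjunctions, which is why summary quality (how precisely the callee's paths are captured) decides whether the approach scales.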
Summary
• TODAY: Basics of symbolic execution and the problems with it
• NEXT CLASS: State-of-the-art symbolic execution engines (KLEE, CUTE) + handling concurrency