Scribd Logo
Upload

Welcome to Scribd!

  • Automated Theorem Proving

    Uploaded by

    Lokesh
    7 views20 pages
    The document discusses program verification using Spec#. It introduces Spec# as a way to prove correctness of programs through formal specifications like preconditions, postconditions, and object invariants. It outlines the architecture of Spec#, which uses the Spec# compiler and verification code generator to generate verification code that is checked using an automatic theorem prover. Spec# extends C# with features like non-nullable types, method contracts, and exceptions to enable formal verification of C# programs.

    Original Description:

    Program Verification And Automated Theorem Proving

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses program verification using Spec#. It introduces Spec# as a way to prove correctness of programs through formal specifications like preconditions, postconditions, and object invariants. It outlines the architecture of Spec#, which uses the Spec# compiler and verification code generator to generate verification code that is checked using an automatic theorem prover. Spec# extends C# with features like non-nullable types, method contracts, and exceptions to enable formal verification of C# programs.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    7 views20 pages

    Automated Theorem Proving

    Uploaded by

    Lokesh
    The document discusses program verification using Spec#. It introduces Spec# as a way to prove correctness of programs through formal specifications like preconditions, postconditions, and object invariants. It outlines the architecture of Spec#, which uses the Spec# compiler and verification code generator to generate verification code that is checked using an automatic theorem prover. Spec# extends C# with features like non-nullable types, method contracts, and exceptions to enable formal verification of C# programs.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 20

    Program

    Verification
    Using Spec#
    Motivation
    • Prove correctness of
    the program
    • Cost effective way to
    develop and maintain
    high-quality
    software.
    Road Map
    • Design by Contract
    • Spec# Architecture
    • Demo
    Design by Contract
    • First appeared in Eiffel
    • formal, precise and
    verifiable interface
    Pre Conditions
    class ArrayList {
    public virtual void Insert( int index , object value)
    requires 0 <= index && index <= Count; //Pre condition
    { }
    Post Conditions
    class ArrayList {
    public virtual void Insert( int index , object value)
    requires 0 <= index && index <= Count;
    ensures Count == old(Count) + 1; //Post conditions
    ensures value == this[index];
    { }
    Not Enough
    • Method Constructs
    not enough
    • Enforce constraints on
    private members?
    • Abstraction Violation?
    • How to ensure object’s
    state?
    Object Invariants
    class SortOrder {
    ItemsList[ ]! randomList;
    ItemsList[ ]! sortedList;
    invariant randomList.Length == sortedList .Length;
    Blame Game
    • Require failure =>
    Blame the
    method caller (Client)

    Ensure failure =>


    Blame the
    method implementor
    (Provider)
    Spec# Architecture

    Spec# Compiler

    Verification Code Generator (Boogie)

    Automatic Theorem Prover (Boogie)


    Why extend C#???
    • Non Null Types
    • Method Contracts
    • Checked / Unchecked
    Exceptions
    Non Nullable Types
    public class Program
    {
    public static void Main(string![]! args)
    {
    for (int i=0; i< args.Length; i++)
    {
    Console.WriteLine(arg[i]);
    }
    Console.ReadLine();
    }
    }
    Exceptions

    Failures

    Provider Client

    Observed
    Admissible Program
    Errors
    Assertions???
    • Why just simple assertions can’t help?
    • Callbacks, Multi Threads, Inheritance
    Code Comparison
    C# Spec#
    public class SomeClass public class SomeClass
    { {
    public SomeClass() public SomeClass()
    { {
    }
    }
    public int SomeMethod(int i)
    public int SomeMethod(int i)
    requires i != 0;
    { {
    return 50/i; return 50/i;
    } }
    } }
    IL (C#)
    .method public hidebysig instance int32 SomeMethod(int32 i) cil managed
    {
    // Code size 5 (0x5)
    .maxstack 8
    IL_0000: ldc.i4.s 50
    IL_0002: ldarg.1
    IL_0003: div
    IL_0004: ret
    } // end of method SomeClass::SomeMethod
    IL (Spec#)
    .method public hidebysig instance int32 SomeMethod(int32 i) cil managed{
    .custom instance void
    [System.Compiler.Runtime]Microsoft.Contracts.EnsuresAttribute::.ctor(string) = smthng
    .locals init (int32 V_0, class
    [System.Compiler.Runtime]Microsoft.Contracts.ContractMarkerException V_1, int32 V_2)
    // Some Usual Operations
    .try
    {
    ….
    IL_0016: ldstr "Postcondition 'i != 0' violated from method
    classLibrary1.SomeClass.SomeMethod(System.Int32)'"
    IL_001b: newobj instance void
    [System.Compiler.Runtime]Microsoft.Contracts.EnsuresException::.ctor(string)
    IL_0020: throw
    ….
    } // end .try
    ….
    IL_002e: ret
    } // end of method SomeClass::SomeMethod
    Runtime Checks
    • Preconditions and
    postconditions are
    turned into inlined
    code
    • Performance
    • Extra methods and
    fields in the compiled
    code
    Automated Theorem Prover
    • BoogiePL
    • Simplify Theorem Prover
    • Propositional Calculus
    Demo

    You might also like