Abstraction refinement with craig interpolation and symbolic pushdown systems

Counterexample-guided abstraction refinement (CEGAR) has proven to be a powerful method for software model-checking. In this paper, we investigate this concept in the context of sequential (possibly recursive) programs whose statements are given as BDDs. We examine how Craig interpolants can be computed efficiently in this case and propose a new, special type of interpolants. Moreover, we show how to treat multiple counterexamples in one refinement cycle. We have implemented this approach within the model-checker Moped and report on experiments

Automated Approaches for Program Verification and Repair

Formal methods techniques, such as verification, analysis, and synthesis,allow programmers to prove properties of their programs, or automatically derive programs from specifications. Making such techniques usable requires care: they must provide useful debugging information, be scalable, and enable automation. This dissertation presents automated analysis and synthesis techniques to ease the debugging of modular verification systems and allow easy access to constraint solvers from functional code. Further, it introduces machine learning based techniques to improve the scalability of off-the-shelf syntax-guided synthesis solvers and techniques to reduce the burden of network administrators writing and analyzing firewalls. We describe the design and implementationof a symbolic execution engine, G2, for non-strict functional languages such as Haskell. We extend G2 to both debug and automate the process of modular verification, and give Haskell programmers easy access to constraints solvers via a library named G2Q. Modular verifiers, such as LiquidHaskell, Dafny, and ESC/Java,allow programmers to write and prove specifications of their code. When a modular verifier fails to verify a program, it is not necessarily because of an actual bug in the program. This is because when verifying a function f, modular verifiers consider only the specification of a called function g, not the actual definition of g. Thus, a modular verifier may fail to prove a true specification of f if the specification of g is too weak. We present a technique, counterfactual symbolic execution, to aid in the debugging of modular verification failures. The approach uses symbolic execution to find concrete counterexamples, in the case of an actual inconsistency between a program and a specification; and abstract counterexamples, in the case that a function specification is too weak. Further, a counterexample-guided inductive synthesis (CEGIS) loop based technique is introduced to fully automate the process of modular verification, by using found counterexamples to automatically infer needed function specifications. The counterfactual symbolic execution and automated specification inference techniques are implemented in G2, and evaluated on existing LiquidHaskell errors and programs. We also leveraged G2 to build a library, G2Q, which allows writing constraint solving problemsdirectly as Haskell code. Users of G2Q can embed specially marked Haskell constraints (Boolean expressions) into their normal Haskell code, while marking some of the variables in the constraint as symbolic. Then, at runtime, G2Q automatically derives values for the symbolic variables that satisfy the constraint, and returns those values to the outside code. Unlike other constraint solving solutions, such as directly calling an SMT solver, G2Q uses symbolic execution to unroll recursive function definitions, and guarantees that the use of G2Q constraints will preserve type correctness. We further consider the problem of synthesizing functions viaa class of tools known as syntax-guided synthesis (SyGuS) solvers. We introduce a machine learning based technique to preprocess SyGuS problems, and reduce the space that the solver must search for a solution in. We demonstrate that the technique speeds up an existing SyGuS solver, CVC4, on a set of SyGuS solver benchmarks. Finally, we describe techniques to ease analysis and repair of firewalls.Firewalls are widely deployed to manage network security. However, firewall systems provide only a primitive interface, in which the specification is given as an ordered list of rules. This makes it hard to manually track and maintain the behavior of a firewall. We introduce a formal semantics for iptables firewall rules via a translation to first-order logic with uninterpreted functions and linear integer arithmetic, which allows encoding of firewalls into a decidable logic. We then describe techniques to automate the analysis and repair of firewalls using SMT solvers, based on user provided specifications of the desired behavior. We evaluate this approach with real world case studies collected from StackOverflow users

Compositional software verification based on game semantics

One of the major challenges in computer science is to put programming on a firmer mathematical basis, in order to improve the correctness of computer programs. Automatic program verification is acknowledged to be a very hard problem, but current work is reaching the point where at least the foundational�· aspects of the problem can be addressed and it is becoming a part of industrial software development. This thesis presents a semantic framework for verifying safety properties of open sequ;ptial programs. The presentation is focused on an Algol-like programming language that embodies many of the core ingredients of imperative and functional languages and incorporates data abstraction in its syntax. Game semantics is used to obtain a compositional, incremental way of generating accurate models of programs. Model-checking is made possible by giving certain kinds of concrete automata-theoretic representations of the model. A data-abstraction refinement procedure is developed for model-checking safety properties of programs with infinite integer types. The procedure starts by model-checking the most abstract version of the program. If no counterexample, or a genuine one, is found, the procedure terminates. Otherwise, it uses a spurious counterexample to refine the abstraction for the next iteration. Abstraction refinement, assume-guarantee reasoning and the L* algorithm for learning regular languages are combined to yield a procedure for compositional verification. Construction of a global model is avoided using assume-guarantee reasoning and the L* algorithm, by learning assumptions for arbitrary subprograms. An implementation based on the FDR model checker for the CSP process algebra demonstrates practicality of the methods

Rethinking teaching strategies : a framework and demonstration through augmenting Maple

In this work, an interdisciplinary approach has been adopted for the study of • teaching strategies of an Intelligent Tutoring System, in the paradigm of multiple teaching strategies, and • the use of Computer Algebra Systems (CAS) in teaching problem solving in university mathematics. As a result, the SIMTA (Styles Implemented by Methods Tactics Actions) theoretical framework has been developed to support and sustain teaching strategies in the paradigm of multiple teaching strategies. TeLoDe (TEaching Linear Ordinary Differential Equations), is a prototype Intelligent Tutoring System, teaching the ,solution of linear second order differential equations with constant coefficients in a novel way. This novel way, which has been empirically tested, has been achieved by augmenting Maple and represents an alternative use of CASs where the human lecturer and Maple are interlocked in a symbiotic and interdependent manner. In SIMTA, the contemporary concept of teaching strategy is rethought and proposed to be viewed at two fundamental levels: • the organisational level • and the operational level. The organisational level deals with the structure of the teaching strategy whereas the operational level deals with the manifestation of that structure. In SIMTA the organisational level is represented by a triple generic structure, method, tactic(s), action(s). A method is a mechanism for structuring the subject matter (e.g. analogy, examples, generalisation, specialisation). Likewise, a tactic is a mechanism for facilitating the interaction (e.g. explicit interaction, implicit interaction). An action is a low level activity such as display this message, ask this question. In SIMTA, the exact manifestation of the above generic structures (analogies, examples, implicit interaction, explicit interaction) depends on the concept of style: different styles result in different manifestations of the same generic structures. Thus, in SIMTA the concept of multiple teaching strategies is seen as merely a collection of teaching strategies manifested under the same style. These strategies operate with the aim of offering alternative representations of the same task at hand and ensuring that the lea~er is active by activating, directing and maintaining exploration. To help demonstrate the feasibility of SIMTA, two styles, the expository style and the , guided discovery style have been formed. The expository style draws on Ausubel's theory of meaningful learning, whereas, the guided discovery style draws on Bruner's work. These styles have been implemented in TeLoDe. TeLoDe, incorporates a teaching strategy module, based on a style, and declarative knowledge. Its purpose is threefold: (i) to serve as a research tool for the SIMTA framework, (ii) to serve as a prototype, demonstrating clearly how a 'second generation' CAS which undertakes the procedural aspect of mathematics allowing the human tutor to concentrate on its conceptual aspect, could be developed, (iii) to demonstrate how Maple and human lecturers are given clear roles which are, nevertheless, interdependent in carrying out the teaching of university mathematics. Two small-scale empirical studies were carried out in order to test SIMTA and TeLoDe respectively. The first study involved lecturers whereas the second study was carried out in a classroom environment. The results found from these studies demonstrate that TeLoDe has a potential as a teaching tool for problem solving in university mathematics in a novel way

Computer Aided Verification

This open access two-volume set LNCS 10980 and 10981 constitutes the refereed proceedings of the 30th International Conference on Computer Aided Verification, CAV 2018, held in Oxford, UK, in July 2018. The 52 full and 13 tool papers presented together with 3 invited papers and 2 tutorials were carefully reviewed and selected from 215 submissions. The papers cover a wide range of topics and techniques, from algorithmic and logical foundations of verification to practical applications in distributed, networked, cyber-physical, and autonomous systems. They are organized in topical sections on model checking, program analysis using polyhedra, synthesis, learning, runtime verification, hybrid and timed systems, tools, probabilistic systems, static analysis, theory and security, SAT, SMT and decisions procedures, concurrency, and CPS, hardware, industrial applications