Qualifiable Model Checkers - PowerPoint PPT Presentation

1
Qualifiable Model Checkers
  • Songtao Xia and Ben Di Vito

2
Outline
  • Model checkers add functionality and flexibility
    to software certification
  • Proof-carrying Code
  • New applications
  • Structure of model checkers
  • Solution reuse of transition information
  • Plan

3
Terminology
  • Server: software developer obligated to show the
    correctness of the software
  • Client: the regulatory authority responsible for
    independently verifying a server's claim
  • Certificate: artifacts that the server presents
    to help prove the correctness
  • Reverification: the client's activity of
    independently checking the server's claim
  • Trust base: set of tools the client must trust to
    achieve reverification

4
Software Certification
  • Peer review/testing
  • Advantage: easy to learn/understand process
  • Disadvantage: we don't know how much is enough
  • Proof-carrying code
  • Advantage: indisputable mathematical facts as
    certificates, automation in tool support (for
    certain properties), small trust base
  • Disadvantage: expressive power/automation trade-off

5
Proof-carrying code
[Diagram: Server side: Program -> VCGen -> Verification Conditions -> Theorem Prover -> Proof. Client side: Program and Proof -> VCGen -> Verification Conditions -> ProofChecker.]

6
Proof-carrying Code
  • Automatic for certain properties
  • Memory safety and type safety
  • Other domain-specific properties
  • Proof is property specific
  • VCGen is often tied to a class of properties
  • Not flexible

7
Model Checker
  • Software model checking with predicate
    abstraction
  • For safety properties
  • For engineering programs
  • Protocol verification

8
Using model checker
  • Automation
  • Functionality
  • Flexibility
  • But: a qualification issue
  • Model checkers are more complicated than a
    proof checker

9
New Application 1
[Diagram: Server side: Program -> ModelAbstraction -> Spin Model -> ModelChecker. Client side: ModelValidator checks the Spin Model against the Program; ModelChecker re-checks the model.]

10
New Application 2: Abstraction-carrying Code (ACC)
[Diagram: Server side: Program -> PredicateAbstraction -> Boolean Program -> ModelChecker. Client side: ModelValidator checks the Boolean Program against the Program; ModelChecker re-checks the Boolean Program.]

11
Predicate Abstraction
  • Observe the program's behavior over value changes
    of a set of predicates
  • Example: consider x over x > 0; corresponding BP:
    if b then b := true else b := unknown, where b
    represents x > 0
  • Reduce state space

12
BP Validator
  • Validation of Hoare triples
  • {x > 0} x {x > 0}
  • Implemented in ACCEPT (ACC Evaluation Prototype
    System) as dependent-typed assembly language type
    checking
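
Slides 11 and 12 describe the two halves of abstraction-carrying code: the server computes a Boolean program (BP) by predicate abstraction, and the client validates that BP by checking Hoare triples rather than recomputing the abstraction. The following Python is an added example written for this transcript, not code from the ACCEPT system or from the authors. It assumes the elided concrete statement is x := x + 1 and decides predicate truth by bounded enumeration over a small integer range (a stand-in for the theorem prover a real tool would call); with those assumptions it reproduces the slide's "if b then b := true else b := unknown" and shows the client rejecting an unsound BP.

```python
from typing import Callable, Dict, Set

# Added example, not from the slides.  Assumptions: the concrete statement
# is x := x + 1, and predicate truth over the bounded DOMAIN stands in for
# the theorem-prover queries a real predicate-abstraction tool would make.

def pred(x: int) -> bool:
    """The abstraction predicate: b represents x > 0."""
    return x > 0

def stmt(x: int) -> int:
    """Assumed concrete statement x := x + 1 (the slides elide it)."""
    return x + 1

DOMAIN = range(-8, 9)

def abstract_transition(pred: Callable[[int], bool],
                        stmt: Callable[[int], int],
                        domain) -> Dict[bool, Set[bool]]:
    """Server side: for each abstract value of b, collect every value b can
    take after stmt runs from a concrete state with that abstract value.
    A singleton set is a definite assignment; both values mean 'unknown'."""
    table: Dict[bool, Set[bool]] = {}
    for b in (True, False):
        table[b] = {pred(stmt(x)) for x in domain if pred(x) == b}
    return table

def render_bp(table: Dict[bool, Set[bool]]) -> str:
    """Print the transition table as the BP statement on the slide."""
    def val(successors: Set[bool]) -> str:
        if successors == {True}:
            return "true"
        if successors == {False}:
            return "false"
        return "unknown"
    return f"if b then b := {val(table[True])} else b := {val(table[False])}"

def validate_hoare_triple(pre_b: bool, post_allowed: Set[bool],
                          pred, stmt, domain) -> bool:
    """Client side: check {b = pre_b} stmt {b' in post_allowed}, i.e. no
    concrete state satisfying the precondition leaves the claimed
    postcondition set.  Over-approximation is allowed, missing behaviour
    is not."""
    return all(pred(stmt(x)) in post_allowed
               for x in domain if pred(x) == pre_b)

def validate_bp(table: Dict[bool, Set[bool]], pred, stmt, domain) -> bool:
    """Validate the whole BP: one Hoare triple per abstract input value."""
    return all(validate_hoare_triple(b, table[b], pred, stmt, domain)
               for b in (True, False))

if __name__ == "__main__":
    table = abstract_transition(pred, stmt, DOMAIN)
    print(render_bp(table))                       # server's certificate
    print("client validation:", validate_bp(table, pred, stmt, DOMAIN))
    # An unsound BP that claims x := x + 1 never makes x > 0 true from
    # a state with x <= 0 (x = 0 is the counterexample): rejected.
    unsound = {True: {True}, False: {False}}
    print("unsound BP accepted?", validate_bp(unsound, pred, stmt, DOMAIN))
```

The client never recomputes the abstraction; it only checks that each claimed transition over-approximates the concrete successor states, which is why the validator, and not the abstraction engine, is the part that must sit in the trust base.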

13
Complexity of Model Checkers
  • General purpose model checkers
  • Explicit state model checkers
  • Symbolic model checkers
  • Spin, JPF, SMV, ...
  • Special purpose model checkers
  • For an often simplified model
  • Moped, Bebop

14
Cost of software qualification
  • Expensive

15
Cost of software qualification
  • More expensive
  • for larger, more complicated programs
  • Programs in the trust base must be qualified

16
Structure of Model Checkers
[Diagram: a relatively simple Search Engine asks "Next state?" of the State Management and Path Management components.]

17
Run Model Checker Twice
[Diagram: the same structure, a relatively simple Search Engine asking "Next state?" of State Management and Path Management.]
Chance to reuse information from the previous run

18
Run Model Checker Twice
Instead of computation, we verify the results
[Diagram: the relatively simple Search Engine now asks "Is next state x?" and the answer is verified rather than computed.]
Coverage testing
Optimization: condition verification

19
Example BP model checker
  • BP statement: if (b1) then b2 b1 b3
  • If we know nextState((1,1,0)) = (1,0,0)
  • We can use a Boolean evaluator: very efficient, a
    few lines of code
  • Result: we can save ourselves a BDD library from
    the trust base!
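
Slides 17 to 19 make one point: on the client's second run the search engine does not need to compute next states, it only needs to confirm the next states the server already claims, and confirming a BP transition is plain Boolean evaluation. The Python below is an added example for this transcript, not the Moped or ACCEPT code. It assumes the elided BP statement is "if (b1) then b2 := b1 and b3" (which yields the slide's nextState((1,1,0)) = (1,0,0)), represents states as (b1, b2, b3) tuples, and treats the server's claimed transition relation and reachable-state set as a constructed certificate; it goes slightly beyond the slide by also checking that the claimed set is closed under the transitions and contains no forbidden state, which is what a reverification run has to establish.

```python
from typing import Dict, Set, Tuple

# Added example, not from the slides or from Moped.  Assumed BP statement:
#     if (b1) then b2 := b1 and b3
# States are (b1, b2, b3) with 0/1 entries.

State = Tuple[int, int, int]

def bp_step(state: State) -> State:
    """Evaluate the assumed BP statement once.  This is the whole 'Boolean
    evaluator' the slide mentions: no BDDs, no fixpoint computation."""
    b1, b2, b3 = state
    if b1:
        b2 = 1 if (b1 and b3) else 0
    return (b1, b2, b3)

def check_transition(src: State, claimed_dst: State) -> bool:
    """Client side answer to 'Is next state x?': verify, don't compute."""
    return bp_step(src) == claimed_dst

def check_certificate(initial: State, reachable: Set[State],
                      transitions: Dict[State, State],
                      bad: Set[State]) -> Tuple[bool, str]:
    """Reverify a claimed reachable-state set using only bp_step:
       1. every claimed transition is correct,
       2. the set contains the initial state and is closed under the
          transitions (each member has a recorded, correct successor),
       3. no forbidden state is a member.
    Returns (ok, reason) so a failed check names the offending state."""
    if initial not in reachable:
        return False, "initial state missing from claimed set"
    for src, dst in transitions.items():
        if src not in reachable:
            return False, f"transition from state not in set: {src}"
        if not check_transition(src, dst):
            return False, f"wrong successor claimed for {src}"
        if dst not in reachable:
            return False, f"successor {dst} missing from claimed set"
    for s in reachable:
        if s not in transitions:
            return False, f"no successor recorded for {s}"
    hit = reachable & bad
    if hit:
        return False, f"forbidden state reachable: {sorted(hit)}"
    return True, "certificate verified"

# Constructed certificate, as a first (server-side) run would emit it.
INITIAL: State = (1, 1, 0)
REACHABLE: Set[State] = {(1, 1, 0), (1, 0, 0)}
TRANSITIONS: Dict[State, State] = {(1, 1, 0): (1, 0, 0),
                                   (1, 0, 0): (1, 0, 0)}
BAD: Set[State] = {(1, 1, 1)}   # the property forbids b1 = b2 = b3 = 1

if __name__ == "__main__":
    print("nextState((1,1,0)) =", bp_step(INITIAL))
    print(check_certificate(INITIAL, REACHABLE, TRANSITIONS, BAD))
    # A tampered certificate claiming (1,1,0) loops on itself is caught
    # by evaluation alone, without any search.
    tampered = dict(TRANSITIONS, **{(1, 1, 0): (1, 1, 0)})
    print(check_certificate(INITIAL, REACHABLE, tampered, BAD))
```

The trust base for this reverification is bp_step and check_certificate, a few dozen lines; the BDD library that produced the certificate on the server side is outside it, which is exactly the saving the slide claims.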

20
Research Plan
  • Moped: a model checker for push-down systems
  • Model checks BPs
  • The BDD library is larger than the source code itself
  • Reduce the size of Moped to a few thousand lines
    of code

21
Evaluation Plan
  • Watch that performance is not severely affected
  • ACCEPT/C
  • A prototype we have built to evaluate
    Abstraction-carrying code
  • Plug the modified Moped back into ACCEPT/C, evaluate
    its performance, and compare it to the original
    Moped

22
Related Work
  • Proof-emitting model checkers
  • Software model checking
  • Model-carrying code