Software Model Checking
Andrey Rybalchenko Max Planck Institute for Software Systems
Incomplete notes summarizing the 2nd lecture, Nov 5th, 2007
Today
• Administrativia
  – HISPOS registration for exams: deadline Dec 1, 2007
  – New location for lectures and tutorials: see the webpage
• Topics
  – Programs
    • computations and related objects
    • symbolic representation
    • modeling data: integers, arrays, objects
  – Testing
  – Directed automated random testing
Programs
• Program P consists of
  – V – set of variables
  – L – set of control locations
  – $l_0$ – initial location, $l_0 \in L$
  – $l_E$ – error location, $l_E \in L$
  – T – set of transitions
• Let V' be the set of primed program variables (one primed copy $v'$ for each $v \in V$); V' stands for the values of the variables after a transition
• Each transition $t \in T$ is a triple $(l, \rho, l')$
  – l – start location, $l \in L$
  – $\rho$ – transition relation, represented by a formula over V and V'
  – l' – final location, $l' \in L$
States, sets, relations
• Program state is a valuation of program variables
  – use s for states
  – s(v) is the value of the variable v in the state s
• S – the set of all program states
• Symbolic representation of sets:
  – State s satisfies a formula $\varphi$ over $V = (v_1, \ldots, v_n)$ iff $\varphi \wedge v_1 = s(v_1) \wedge \ldots \wedge v_n = s(v_n)$ evaluates to true, written as $s \models \varphi$
  – Formula $\varphi$ over V represents the set of states $X \subseteq S$ with $X = \{\, s \mid s \models \varphi \,\}$
• Symbolic representation of binary relations:
  – use a formula $\rho$ over V and V'
  – pair of states s and s' satisfies $\rho$ iff $\rho \wedge v_1 = s(v_1) \wedge \ldots \wedge v_n = s(v_n) \wedge v'_1 = s'(v_1) \wedge \ldots \wedge v'_n = s'(v_n)$ evaluates to true, written as $(s, s') \models \rho$
  – Formula $\rho$ over V and V' represents the binary relation over states $R \subseteq S \times S$ with $R = \{\, (s, s') \mid (s, s') \models \rho \,\}$
Computations and paths
• Program computation: a finite or infinite sequence of location/state pairs $(l_1, s_1), (l_2, s_2), \ldots$ such that
  1. $l_1 = l_0$ – the computation starts at the initial location
  2. for each pair of consecutive elements $(l_i, s_i), (l_{i+1}, s_{i+1})$ of the sequence there exists a transition $t = (l, \rho, l') \in T$ such that $l_i = l$, $(s_i, s_{i+1}) \models \rho$, and $l_{i+1} = l'$; written as $s_i \xrightarrow{t} s_{i+1}$
• Program is safe if the error location $l_E$ is not visited by any computation
• Program terminates if there is no infinite computation
• Program path is a sequence of transitions $t_1, t_2, \ldots$ in which the final location of $t_i$ is the start location of $t_{i+1}$
• Path $t_1, t_2, \ldots$ is feasible if there is a computation $s_1, s_2, \ldots$ induced by the path, i.e., $s_i \xrightarrow{t_i} s_{i+1}$ for each $t_i$
Path relation
• Relational composition of $\rho_1$ and $\rho_2$ over V and V': $\rho_1 \circ \rho_2 = \exists V''.\; \rho_1[V''/V'] \wedge \rho_2[V''/V]$
  – $\rho[V''/V']$ denotes $\rho$ with every primed variable $v'$ replaced by a fresh variable $v''$; the intermediate state is thus named by V'' and projected away by the existential quantifier
• Path relation of path $\tau = t_1, \ldots, t_n$ with $t_i = (l_i, \rho_i, l'_i)$: $\rho_\tau = \rho_1 \circ \ldots \circ \rho_n$
• Path $\tau$ is feasible iff $\rho_\tau$ is satisfiable, i.e., iff the relation represented by $\rho_\tau$ is non-empty
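The definitions of the last four slides (program as $(V, L, l_0, l_E, T)$, transition relations as formulas over V and V', relational composition, path relations, feasibility, safety) made concrete as an added example; this is illustration code written for these notes, not code from the lecture or from any tool it mentions. It assumes, to keep the example self-contained, that variables range over a small bounded integer domain so that relations can be enumerated explicitly instead of being handled symbolically by a decision procedure; the sample program (a loop indexing a buffer of N cells, with an out-of-bounds read modeled as the error transition) is constructed here, as is its hardened variant with an extra bounds check in the loop guard.

```python
# Added example (not from the lecture notes): the program model
# P = (V, L, l0, lE, T) of the slides made concrete in Python, with transition
# relations as predicates over (s, s'), relational composition, path relations,
# path feasibility and a bounded safety check. Assumption (mine, not the
# lecture's): variables range over a small bounded integer domain, so states
# and relations are enumerated explicitly rather than handled symbolically.
from itertools import product

# Sample program (constructed): a loop walks index i from 0 while i < n over a
# buffer of N cells. Entering the body with i >= N is an out-of-bounds read,
# modeled as a transition into the error location lE.
N = 4                      # buffer length
DOMAIN = range(0, N + 2)   # bounded integer domain 0..N+1
V = ("i", "n")             # program variables; a state s is a dict v -> value
l0, lE = "l0", "lE"

def freeze(s):
    return tuple(s[v] for v in V)          # hashable view of a state

def states():
    """S: all valuations of V over the bounded domain."""
    return [dict(zip(V, vals)) for vals in product(DOMAIN, repeat=len(V))]

# Loop-body guards: the unchecked program trusts the caller-supplied bound n,
# the checked (hardened) one also enforces the real buffer length N.
def guard_unchecked(s):
    return s["i"] < s["n"]

def guard_checked(s):
    return s["i"] < s["n"] and s["i"] < N

def rho_init(s, t):        # l0 -> l1 :  i' = 0 /\ n' = n   (t plays the role of s')
    return t["i"] == 0 and t["n"] == s["n"]

def make_T(guard):
    """T as a dict name -> (l, rho, l') for the given loop guard."""
    def rho_loop(s, t):    # l1 -> l1 :  guard /\ i' = i + 1 /\ n' = n
        return guard(s) and t["i"] == s["i"] + 1 and t["n"] == s["n"]
    def rho_err(s, t):     # l1 -> lE :  guard /\ i >= N /\ i' = i /\ n' = n
        return guard(s) and s["i"] >= N and t == s
    return {"t_init": ("l0", rho_init, "l1"),
            "t_loop": ("l1", rho_loop, "l1"),
            "t_err": ("l1", rho_err, lE)}

T_unchecked = make_T(guard_unchecked)
T_checked = make_T(guard_checked)

def relation(rho):
    """R = { (s, s') | (s, s') |= rho }, enumerated over the bounded domain."""
    S = states()
    return {(freeze(s), freeze(t)) for s in S for t in S if rho(s, t)}

def index(R):
    """Successor map a -> {b | (a, b) in R}."""
    succ = {}
    for a, b in R:
        succ.setdefault(a, set()).add(b)
    return succ

def compose(R1, R2):
    """rho1 o rho2 = exists V''. rho1[V''/V'] /\ rho2[V''/V]; the intermediate
    state b is the valuation of V'' and is projected away."""
    succ = index(R2)
    return {(a, c) for a, b in R1 for c in succ.get(b, ())}

def path_relation(T, path):
    """rho_tau = rho_1 o ... o rho_n for the path tau = t_1, ..., t_n; rejects
    paths whose consecutive transitions do not share a location."""
    if not path:
        raise ValueError("path must contain at least one transition")
    R, loc = None, None
    for name in path:
        l, rho, l_next = T[name]
        if loc is not None and loc != l:
            raise ValueError(f"{name} starts at {l}, but the path is at {loc}")
        R = relation(rho) if R is None else compose(R, relation(rho))
        loc = l_next
    return R

def feasible(T, path):
    """Feasible iff some computation is induced by the path, i.e. iff rho_tau
    is non-empty."""
    return len(path_relation(T, path)) > 0

def reachable_locations(T):
    """Locations visited by some computation from l0 (explicit-state search)."""
    steps = [(l, index(relation(rho)), l2) for l, rho, l2 in T.values()]
    frontier = [(l0, freeze(s)) for s in states()]
    seen = set(frontier)
    while frontier:
        loc, s = frontier.pop()
        for l, succ, l2 in steps:
            for s2 in (succ.get(s, ()) if l == loc else ()):
                if (l2, s2) not in seen:
                    seen.add((l2, s2))
                    frontier.append((l2, s2))
    return {loc for loc, _ in seen}

def is_safe(T):
    """Safe iff the error location lE is visited by no computation."""
    return lE not in reachable_locations(T)
```

With `overflow = ["t_init"] + ["t_loop"] * N + ["t_err"]`, `feasible(T_unchecked, overflow)` is true (a caller-supplied n larger than N drives i up to N and into the error transition) while `feasible(T_checked, overflow)` is false, and `is_safe` reports the same verdicts for the whole programs. The explicit enumeration over a bounded domain is only a stand-in for what a software model checker does: it keeps each $\rho$ symbolic, builds $\rho_\tau$ by renaming and conjunction exactly as `compose` does with concrete states, and asks a decision procedure for the underlying theory (here, linear arithmetic) whether the result is satisfiable.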
Modeling data
• Program variables range over intended data domains, e.g. integers, Booleans, arrays, objects, etc.
• We use logical theories to describe sets of states and binary relations over states.
• For integer variables, we may use the theory of linear arithmetic.
• For arrays, the theory of arrays.
• Please read: the "Modeling data structures" article in Viktor Kuncak's lecture notes; "What's decidable about arrays" [optional]
Testing
• Please read Sections 1 to 9 of the Wikipedia article "Software Testing"
Directed Automated Random Testing
• Please read slides 29 to 50 of Patrice Godefroid's presentation on dynamic and static analysis