Model construction and verification for dynamic programming languages

  • Slides: 11
Model construction and verification for dynamic programming languages
Radu Iosif (iosif@cis.ksu.edu)

Outline
  • Semantics of dynamic programs
  • Extensions to the BIR language
  • The d.SPIN model checker
  • Symmetry and Partial Order reductions
  • Abstractions for dynamic languages

Semantics
  • In a dynamic program the number of state components changes constantly along an execution path
  • Configurations are described by means of partial mappings
  • Transitions also define how components are added to and removed from configurations

Domains and operations (exp)
  Store  = Variables ⇀ Values
  Heap   = (Locations ⇀ Store) × Locations
  Thread = Control × Store
  Pool   = (ThreadId ⇀ Thread) × ThreadId
  State  = Store × Heap × Pool
  new   : Heap → Heap × Locations
  start : Pool → Pool × ThreadId

Bandera IR
  • A dynamic guarded commands language (invented by James Corbett)
  • Operational semantics definition
    • led to the discovery of a number of inconsistencies, e.g. in the runtime type system
  • Extended to handle dynamic threads in addition to heap objects

Future plans for BIR/back-end
  • Recursive functions and polymorphism
  • Exceptions
    • issues related to the observation of exceptional events by a property
  • Build a d.SPIN target

d.SPIN: dynamic SPIN
  • Extension of the SPIN model checker with support for:
    • pointers
    • dynamic creation of objects
    • recursive functions and polymorphic calls
    • garbage collection
  • www.cis.ksu.edu/~iosif/dspin

d.SPIN (cont.)
  • Adding dynamic features to the input language causes the state space to blow up
  • On-the-fly reductions:
    • canonical symmetry reductions for the heap
    • model checking algorithm that combines heap with process symmetry
    • use of partial order reductions in combination with heap symmetry

Symmetry and PO reduction
  • Basic idea: heap objects can be ordered (strictly and totally) based on their reachability chains
  • Combining heap with process symmetry uses the idea of path unwinding
  • This strategy makes symmetry reductions compatible with fairness
  • Better PO reduction by extending the notion of independence to allocators
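The state domains from the "Domains and operations" slide and the ordering idea of this slide, as an added worked example in Python that is not part of the slides or of d.SPIN's code. It assumes a concrete representation of its own (a `Loc` class whose number is the allocation order, thread ids as list positions, a breadth-first traversal from the globals and thread locals in name order with fields in name order), and uses a constructed execution in which two workers run in either order, so the raw heaps differ but the canonical keys coincide; unreachable objects get no number and are dropped, as a garbage collector would. Process symmetry and partial order reduction are not modelled.

```python
"""Added example (not d.SPIN's or Bandera's code): the state domains of the
"Domains and operations" slide plus a canonical heap symmetry reduction in the
spirit of the "Symmetry and PO reduction" slide. Objects are renumbered in the
order they are first reached from the roots, so states that differ only in
allocation order collapse to one key."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Loc:
    """A heap location; the raw number is the allocation order (assumed representation)."""
    n: int


class Heap:
    """Heap = (Locations ⇀ Store) × Locations: the objects plus the next free location."""

    def __init__(self):
        self.objects = {}        # Loc -> Store, where a Store is a dict field -> value
        self.next_free = 0

    def new(self, fields):
        """new : Heap → Heap × Locations, done in place; returns the fresh location."""
        loc = Loc(self.next_free)
        self.next_free += 1
        self.objects[loc] = dict(fields)
        return loc


class State:
    """State = Store × Heap × Pool, with Thread = Control × Store. Thread ids are
    positions in a list, so the next free id is the list length."""

    def __init__(self):
        self.globals = {}        # the global Store
        self.heap = Heap()
        self.threads = []        # [(control, local Store)]

    def start(self, control, local_store):
        """start : Pool → Pool × ThreadId, done in place; returns the fresh thread id."""
        self.threads.append((control, dict(local_store)))
        return len(self.threads) - 1


def encode(state, number, objects):
    """Hashable key of a state with every location replaced by number(loc); only
    the objects listed in `objects` (in that order) are included."""
    def val(v):
        return ("ref", number(v)) if isinstance(v, Loc) else v

    def store(s):
        return tuple((k, val(s[k])) for k in sorted(s))

    return (store(state.globals),
            tuple(store(state.heap.objects[o]) for o in objects),
            tuple((pc, store(local)) for pc, local in state.threads))


def raw_key(state):
    """Naive key: raw allocation numbers, every object (garbage included)."""
    return encode(state, lambda l: l.n, sorted(state.heap.objects, key=lambda l: l.n))


def canonical_key(state):
    """Canonical key: number objects by first reachability, breadth-first from the
    globals (name order), then each thread's locals (name order), fields in name
    order. Unreachable objects never get a number and are dropped."""
    index, order, queue = {}, [], deque()

    def reach(v):
        if isinstance(v, Loc) and v not in index:
            index[v] = len(order)
            order.append(v)
            queue.append(v)

    for k in sorted(state.globals):
        reach(state.globals[k])
    for _, local in state.threads:
        for k in sorted(local):
            reach(local[k])
    while queue:
        fields = state.heap.objects[queue.popleft()]
        for f in sorted(fields):
            reach(fields[f])
    return encode(state, index.__getitem__, order)


def run(worker_order):
    """Constructed execution: the main thread (id 0) builds head -> 1 -> 2 -> null,
    then workers 1 and 2 each allocate a scratch object (dropped at once) and a
    private node pointing at the list head. `worker_order` is the interleaving."""
    s = State()
    n2 = s.heap.new({"val": 2, "next": None})
    n1 = s.heap.new({"val": 1, "next": n2})
    s.globals["head"] = n1
    s.start("main_done", {})
    for _ in range(2):
        s.start("worker_done", {"tmp": None})
    for tid in worker_order:
        s.heap.new({"val": -1, "next": None})            # garbage: nothing points at it
        node = s.heap.new({"val": 10 * tid, "next": s.globals["head"]})
        control, _ = s.threads[tid]
        s.threads[tid] = (control, {"tmp": node})
    return s


if __name__ == "__main__":
    a, b = run([1, 2]), run([2, 1])
    print("raw keys equal:       ", raw_key(a) == raw_key(b))
    print("canonical keys equal: ", canonical_key(a) == canonical_key(b))
    print("objects raw/canonical:", len(a.heap.objects), len(canonical_key(a)[1]))
```

A model checker keeps the visited-state set keyed by `canonical_key` instead of `raw_key`, so the two interleavings above are stored once; ordering by reachability chains also makes the key independent of which thread happened to call `new` first, which is the property the slide's symmetry reduction relies on.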

Future plans for d.SPIN
  • Define the semantics of and implement imprecise exceptions
  • Add support for handling heap abstractions
  • Use of pointer and escape analysis to further improve partial order reduction

Abstractions for dynamic languages
  1. Heap abstractions (shape graphs)
     • investigate the use of program transformation vs. on-the-fly parametric techniques
  2. Refinement of abstractions
     1. what kind of predicates should be added?
     2. how can the property guide the refinement?
     3. how can we use counterexamples?
  3. Other abstractions: threads, locks, stack