A CIL Tutorial - Department of Computer Science - ETH Zürich
A CIL Tutorial - Department of Computer Science - ETH Zürich A CIL Tutorial - Department of Computer Science - ETH Zürich
CHAPTER 11. PROGRAM VERIFICATION 102 $ ciltutcc --enable-tut11 --prover=Alt-Ergo prover-version=0.94 -o tut11 test/tut11.c 11.3 Exercises 1. Use a chain of Why3 if-then-else terms to calculate the VC for C's switch statement. 2. Handle structure elds. 3. Verify an array sorting function. 4. Extend the translation of attribute parameters and terms to handle not only integer arithmetic, but also oating point arithmetic. To achieve this, the relevant theory must be added to the Why3 context, and the operations from these theories must be added to the ops type. 5. Extend the checking here to also verify that function preconditions are satised. Project: Create a tool that nds loop invariants given a post-condition and pre-condition for the loop. There are several approaches you might take. You could execute the program symbolically at the same time as it executes concretely (which we'll see how to do in Chapter 15), and assume to be symbolic invariants relationships that are concretely true at runtime. Alternately, you could repeatedly construct trial invariants out of every relationship among program variables that are live in the loop.
CHAPTER 11. PROGRAM VERIFICATION 103 11.4 Further Reading There are many approaches to, and implementations of, program verication. Here is a dated and incomplete list. This is a big area with many ongoing projects, so ask your local PL professor to point you in the right direction. • VC generation and checking: Boogie [1] • Software model checking: BLAST [4] • Explicit path model checking: CUTE [4]
- Page 53 and 54: References [1] Kumar Avijit, Pratee
- Page 55 and 56: CHAPTER 7. TYPE QUALIFIERS 53 let c
- Page 57 and 58: CHAPTER 7. TYPE QUALIFIERS 55 let w
- Page 59 and 60: CHAPTER 7. TYPE QUALIFIERS 57 $ cil
- Page 61 and 62: Chapter 8 Dependant Type Qualiers O
- Page 63 and 64: CHAPTER 8. DEPENDANT TYPE QUALIFIER
- Page 65 and 66: CHAPTER 8. DEPENDANT TYPE QUALIFIER
- Page 67 and 68: CHAPTER 8. DEPENDANT TYPE QUALIFIER
- Page 69 and 70: CHAPTER 8. DEPENDANT TYPE QUALIFIER
- Page 71 and 72: CHAPTER 8. DEPENDANT TYPE QUALIFIER
- Page 73 and 74: Chapter 9 Type Qualier Inference In
- Page 75 and 76: CHAPTER 9. TYPE QUALIFIER INFERENCE
- Page 77 and 78: CHAPTER 9. TYPE QUALIFIER INFERENCE
- Page 79 and 80: CHAPTER 9. TYPE QUALIFIER INFERENCE
- Page 81 and 82: CHAPTER 9. TYPE QUALIFIER INFERENCE
- Page 83 and 84: Chapter 10 Adding a New Kind of Sta
- Page 85 and 86: CHAPTER 10. ADDING A NEW KIND OF ST
- Page 87 and 88: CHAPTER 10. ADDING A NEW KIND OF ST
- Page 89 and 90: CHAPTER 10. ADDING A NEW KIND OF ST
- Page 91 and 92: CHAPTER 10. ADDING A NEW KIND OF ST
- Page 93 and 94: Chapter 11 Program Verication In th
- Page 95 and 96: CHAPTER 11. PROGRAM VERIFICATION 93
- Page 97 and 98: CHAPTER 11. PROGRAM VERIFICATION 95
- Page 99 and 100: CHAPTER 11. PROGRAM VERIFICATION 97
- Page 101 and 102: CHAPTER 11. PROGRAM VERIFICATION 99
- Page 103: CHAPTER 11. PROGRAM VERIFICATION 10
- Page 107 and 108: Chapter 12 Comments CIL has a very
- Page 109 and 110: CHAPTER 12. COMMENTS 107 let printC
- Page 111 and 112: References [1] Lin Tan, Ding Yuan,
- Page 113 and 114: CHAPTER 13. WHOLE-PROGRAM ANALYSIS
- Page 115 and 116: CHAPTER 13. WHOLE-PROGRAM ANALYSIS
- Page 117 and 118: CHAPTER 14. IMPLEMENTING A SIMPLE D
- Page 119 and 120: CHAPTER 14. IMPLEMENTING A SIMPLE D
- Page 121 and 122: CHAPTER 14. IMPLEMENTING A SIMPLE D
- Page 123 and 124: CHAPTER 14. IMPLEMENTING A SIMPLE D
- Page 125 and 126: CHAPTER 14. IMPLEMENTING A SIMPLE D
- Page 127 and 128: Chapter 15 Automated Test Generatio
- Page 129 and 130: CHAPTER 15. AUTOMATED TEST GENERATI
- Page 131 and 132: CHAPTER 15. AUTOMATED TEST GENERATI
- Page 133 and 134: CHAPTER 15. AUTOMATED TEST GENERATI
- Page 135 and 136: Index A (module), 10, 13, 15, 10, 1
- Page 137 and 138: INDEX 135 isCacheReportType, 11, 11
CHAPTER 11. PROGRAM VERIFICATION 102<br />
$ ciltutcc --enable-tut11 --prover=Alt-Ergo prover-version=0.94 -o tut11 test/tut11.c<br />
11.3 Exercises<br />
1. Use a chain <strong>of</strong> Why3 if-then-else terms to calculate the VC for C's switch statement.<br />
2. Handle structure elds.<br />
3. Verify an array sorting function.<br />
4. Extend the translation <strong>of</strong> attribute parameters and terms to handle not only integer arithmetic,<br />
but also oating point arithmetic. To achieve this, the relevant theory must be added to the<br />
Why3 context, and the operations from these theories must be added to the ops type.<br />
5. Extend the checking here to also verify that function preconditions are satised.<br />
Project: Create a tool that nds loop invariants given a post-condition and<br />
pre-condition for the loop. There are several approaches you might take. You<br />
could execute the program symbolically at the same time as it executes concretely<br />
(which we'll see how to do in Chapter 15), and assume to be symbolic<br />
invariants relationships that are concretely true at runtime. Alternately, you<br />
could repeatedly construct trial invariants out <strong>of</strong> every relationship among<br />
program variables that are live in the loop.
Change language