Corral: A Solver for Reachability-Modulo-Theoriesiwls.org/iwls2012/invited/shaz.pdf · Shaz Qadeer...

1
Corral: A Solver for Reachability-Modulo-Theories Shaz Qadeer Microsoft Research 1. ABSTRACT Satisfiability solvers for propositional logic have had tremen- dous impact on hardware modeling and verification. Un- fortunately, propositional logic is insufficient for reasoning about software. Precise models for software executions must cater to complex control flow (e.g., procedure calls, multi- threading) and complex data manipulation (e.g., object hi- erarchies, pointers). To enable precise reasoning about soft- ware executions, we introduce a simple modeling language that includes features such as nondeterministic choice, loops, and (synchronous and asynchronous) procedure calls. We al- low state update to be modeled using two-state predicates that relate the current and next values of program variables, requiring only that satisfiability for these predicates be effi- ciently decidable. For programs in this language, we refer to the problem of deciding whether a particular control location is reachable as the reachability-modulo-theories problem. We will argue that reachability-modulo-theories is a flexi- ble foundation for building a variety of software analyzers, including tools for finding bugs, answering developer ques- tions, and debugging crash dumps. We will describe Corral, a semi-algorithm for the reachability-modulo-theories prob- lem. We have evaluated Corral against other related tools and found that it consistently out-performs its competitors on a variety of benchmarks. 2. SPEAKER BIOGRAPHY Shaz Qadeer is a Senior Researcher in the RiSE group (Research in Software Engineering) at Microsoft. He re- ceived his Ph.D. from the University of California at Berke- ley and worked at Compaq Systems Research Center before joining Microsoft Research. He is interested in automated reasoning, software testing and verification, and languages for parallel and distributed programming. He has spent a significant part of his professional life developing simple and practical methods for reasoning about concurrent pro- grams. You can get more information about his activities at http://research.microsoft.com/en-us/people/qadeer/

Transcript of Corral: A Solver for Reachability-Modulo-Theoriesiwls.org/iwls2012/invited/shaz.pdf · Shaz Qadeer...

Page 1: Corral: A Solver for Reachability-Modulo-Theoriesiwls.org/iwls2012/invited/shaz.pdf · Shaz Qadeer is a Senior Researcher in the RiSE group (Research in Software Engineering) at Microsoft.

Corral: A Solver for Reachability-Modulo-TheoriesShaz QadeerMicrosoft Research

1. ABSTRACTSatisfiability solvers for propositional logic have had tremen-

dous impact on hardware modeling and verification. Un-fortunately, propositional logic is insufficient for reasoningabout software. Precise models for software executions mustcater to complex control flow (e.g., procedure calls, multi-threading) and complex data manipulation (e.g., object hi-erarchies, pointers). To enable precise reasoning about soft-ware executions, we introduce a simple modeling languagethat includes features such as nondeterministic choice, loops,and (synchronous and asynchronous) procedure calls. We al-low state update to be modeled using two-state predicatesthat relate the current and next values of program variables,requiring only that satisfiability for these predicates be effi-ciently decidable. For programs in this language, we refer tothe problem of deciding whether a particular control locationis reachable as the reachability-modulo-theories problem.We will argue that reachability-modulo-theories is a flexi-ble foundation for building a variety of software analyzers,including tools for finding bugs, answering developer ques-tions, and debugging crash dumps. We will describe Corral,a semi-algorithm for the reachability-modulo-theories prob-lem. We have evaluated Corral against other related toolsand found that it consistently out-performs its competitorson a variety of benchmarks.

2. SPEAKER BIOGRAPHY

Shaz Qadeer is a Senior Researcher in the RiSE group(Research in Software Engineering) at Microsoft. He re-ceived his Ph.D. from the University of California at Berke-ley and worked at Compaq Systems Research Center beforejoining Microsoft Research. He is interested in automatedreasoning, software testing and verification, and languagesfor parallel and distributed programming. He has spenta significant part of his professional life developing simpleand practical methods for reasoning about concurrent pro-grams. You can get more information about his activities athttp://research.microsoft.com/en-us/people/qadeer/

Sanjit A. Seshia - University of California, Berkeley5.Ankush Desai, Sanjit A. Seshia, Shaz Qadeer, David Broman, and John C. Eidson, Approximate Synchrony: An Abstraction for Distributed

Sanjit A. Seshia - University of California, Berkeley5.Ankush Desai, Sanjit A. Seshia, Shaz Qadeer, David Broman, and John C. Eidson, Approximate Synchrony: An Abstraction for Distributed

Context-bounded model checking of concurrent software Shaz Qadeer Microsoft Research Joint work with: Jakob Rehof, Microsoft Research Dinghao Wu, Princeton.

Context-bounded model checking of concurrent software Shaz Qadeer Microsoft Research Joint work with: Jakob Rehof, Microsoft Research Dinghao Wu, Princeton.

E Business shaz

E Business shaz

Corral: A Solver for Reachability Modulo Theories · Corral: A Solver for Reachability Modulo Theories Akash Lal Shaz Qadeer Shuvendu K. Lahiri April 2012 Technical Report MSR-TR-2012-09

Corral: A Solver for Reachability Modulo Theories · Corral: A Solver for Reachability Modulo Theories Akash Lal Shaz Qadeer Shuvendu K. Lahiri April 2012 Technical Report MSR-TR-2012-09

Predicate Abstraction for Software Verification Shaz Qadeer Compaq Systems Research Center (joint work with Cormac Flanagan)

Predicate Abstraction for Software Verification Shaz Qadeer Compaq Systems Research Center (joint work with Cormac Flanagan)

Generalizing Reduction and Abstraction to Simplify Concurrent Programs: The QED Approach Shaz Qadeer Microsoft Research Redmond, WA Serdar Taşıran Serdar.

Generalizing Reduction and Abstraction to Simplify Concurrent Programs: The QED Approach Shaz Qadeer Microsoft Research Redmond, WA Serdar Taşıran Serdar.

Concurrency Checking with CHESS: Learning from Experience Tom Ball, Sebastian Burckhardt, Chris Dern, Madan Musuvathi, Shaz Qadeer.

Concurrency Checking with CHESS: Learning from Experience Tom Ball, Sebastian Burckhardt, Chris Dern, Madan Musuvathi, Shaz Qadeer.

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]

Zing: A Systematic State Explorer for Concurrent Software Tony Andrews Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

Zing: A Systematic State Explorer for Concurrent Software Tony Andrews Shaz Qadeer Sriram K. Rajamani Jakob Rehof Microsoft Research.

Piranha - Barroso · Basem Nayfeh Andreas Nowatzyk Joan Pendleton Shaz Qadeer Brian Robinson Barton Sano Daniel Scales Ben Verghese ... – limit fan-out/fan-in serialization with

Piranha - Barroso · Basem Nayfeh Andreas Nowatzyk Joan Pendleton Shaz Qadeer Brian Robinson Barton Sano Daniel Scales Ben Verghese ... – limit fan-out/fan-in serialization with

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Iterative Context Bounding for Systematic Testing of Multithreaded Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Using SMT solvers for program analysis Shaz Qadeer Research in Software Engineering Microsoft Research

Using SMT solvers for program analysis Shaz Qadeer Research in Software Engineering Microsoft Research

TSML Report - Shaz

TSML Report - Shaz

Types for Atomicity Authors: Cormac Flanagan, UC Santa Cruz Stephen Freund, Marina Lifshin, Williams College Shaz Qadeer, Microsoft Research Presentation.

Types for Atomicity Authors: Cormac Flanagan, UC Santa Cruz Stephen Freund, Marina Lifshin, Williams College Shaz Qadeer, Microsoft Research Presentation.

CHESS : Systematic Testing of Concurrent Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

CHESS : Systematic Testing of Concurrent Programs Madan Musuvathi Shaz Qadeer Microsoft Research.

Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.

Modular Verification of Multithreaded Software Shaz Qadeer Compaq Systems Research Center Shaz Qadeer Compaq Systems Research Center Joint work with Cormac.

C. Flanagan1Types for Atomicity Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.

C. Flanagan1Types for Atomicity Cormac Flanagan UC Santa Cruz Stephen N. Freund Williams College Shaz Qadeer Microsoft Research Analysis of Concurrent.

Back to the Future: Revisiting Precise Program Verification Using SMT Solvers Shuvendu Lahiri Shaz Qadeer Microsoft Research, Redmond Presented earlier.

Back to the Future: Revisiting Precise Program Verification Using SMT Solvers Shuvendu Lahiri Shaz Qadeer Microsoft Research, Redmond Presented earlier.

Towards Scalable Modular Checking of User-defined Properties Thomas Ball, MSR Brian Hackett, Mozilla Shuvendu Lahiri, MSR Shaz Qadeer, MSR Julien Vanegue,

Towards Scalable Modular Checking of User-defined Properties Thomas Ball, MSR Brian Hackett, Mozilla Shuvendu Lahiri, MSR Shaz Qadeer, MSR Julien Vanegue,

Model Checking Concurrent Software Shaz Qadeer Microsoft Research.

Model Checking Concurrent Software Shaz Qadeer Microsoft Research.