Verifying Distributed Algorithms via Dynamic Analysis and Theorem Proving

Toh Ne Win and Michael Ernst
Technical report MIT-LCS-TR-841
May 25, 2002
MIT Lab for Computer Science
200 Technology Square
Cambridge, MA 02139 USA
firstname.lastname@example.org, email@example.com

Abstract

We use output from dynamic analysis to assist theorem-proving of safety properties of distributed algorithms. The algorithms are written in the IOA language, which is based on the mathematical I/O automaton model. Daikon, a dynamic invariant discovery tool, generalizes from test executions, producing assertions about the observed behavior of the algorithm. We use these relatively simple run-time properties as lemmas in proving program properties. These lemmas are necessary, but easy for humans to overlook. Furthermore, the lemmas decompose complex steps into simple ones that theorem provers can manage mostly unassisted, thus reducing the human effort required to prove interesting algorithm properties. In several experiments, Daikon produced all or most of the lemmas required for correctness proofs, automating the most difficult part of the process, which usually requires human insight.

This verification technique is a worthwhile alternative to using only static analysis with model checkers or theorem provers, or only dynamic analysis with simulators and runtime analyzers. Our technique combines the advantages of static and dynamic analysis: it is sound and scales to algorithms with unbounded processes and variable sizes. Further, it can suggest and verify new program properties that the designer might not have envisioned.

1 Introduction

Computerized methods for analyzing safety properties of concurrent algorithms fall into two basic categories: static and dynamic. Static analysis reasons about all executions of a program, either by exhaustively checking all reachable states (as in model checkers) or by logical reasoning (as in theorem provers). Dynamic analysis examines some subset of the executions, usually through test cases, and points out violations of safety properties, or generalizes from observed behavior. Dynamic analysis is unsound, as it does not see all executions, while static analysis does not scale well (model checking) or requires much human effort (theorem proving).

Our research combines the complementary strengths of dynamic and static methods. We employ dynamic analysis to discover simple likely program properties and use these as lemmas in the proofs of more complex properties in a theorem prover. These properties are necessary when using a prover, but they can be so numerous and so simple that humans overlook them. Additionally, because theorem-provers can often automatically prove simple properties, proposing these intermediate steps can reduce human effort. The end result is sound, but eliminates some steps that require human interaction and insight. Moreover, our approach is more scalable in some ways than the other major method of static verification, model checking. Finally, it permits runtime exploration and...
This note was uploaded on 02/24/2012 for the course CSE 503 taught by Professor Davidnotikin during the Spring '11 term at University of Washington.