CSE 637 Program Semantics and Verification
Reactive Systems
• Examples: operating systems, embedded systems (e.g. a heart stimulator), protocols.
• Main characteristic: termination is an error rather than a desired outcome.
• Picture: a Program that interacts continuously with its Environment.
Properties of Reactive Systems
• Safety property: something BAD never happens. Checking a safety property is the same as checking whether a BAD state is ever reachable. Example: it never happens that all traffic lights are simultaneously green.
• Liveness property: something GOOD should eventually happen.
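The slide reduces a safety property to a reachability question. The following added example (not from the lecture slides) makes that concrete for the traffic-light property: a constructed two-direction intersection is modelled as a transition system, and a breadth-first search over its reachable states either returns None (no BAD state reachable, the property holds) or the shortest trace to a BAD state, which is the counterexample a verifier would report. Two controllers are modelled: a safe one that lets only one direction leave red at a time, and a deliberately buggy one in which each light cycles independently. The names and state encoding are this example's own.

```python
from collections import deque

# Constructed model of a two-direction intersection (NS and EW lights).
RED, GREEN, YELLOW = "red", "green", "yellow"
INITIAL = (RED, RED)

def step_light(color):
    """A single light's own cycle: red -> green -> yellow -> red."""
    return {RED: GREEN, GREEN: YELLOW, YELLOW: RED}[color]

def safe_controller(state):
    """Successor states of a controller that lets only one direction leave
    red at a time while the other waits. Returns a list because the choice
    of which direction goes next is nondeterministic when both are red."""
    ns, ew = state
    if ns != RED:
        return [(step_light(ns), ew)]
    if ew != RED:
        return [(ns, step_light(ew))]
    return [(GREEN, RED), (RED, GREEN)]

def buggy_controller(state):
    """Constructed bug: each light advances independently of the other,
    so nothing stops both from being green at once."""
    ns, ew = state
    return [(step_light(ns), ew), (ns, step_light(ew))]

def all_green(state):
    """The BAD predicate from the slide: every light is green."""
    return all(color == GREEN for color in state)

def find_bad_state(initial, successors, is_bad):
    """Explicit-state reachability by breadth-first search.

    Returns the shortest path (list of states) from `initial` to a BAD
    state, which serves as a counterexample trace, or None when no BAD
    state is reachable, i.e. the safety property holds."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if is_bad(state):
            path = []
            while state is not None:
                path.append(state)
                state = parent[state]
            return path[::-1]
        for nxt in successors(state):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None

def reachable_states(initial, successors):
    """All states reachable from `initial` (the explored state space)."""
    seen, stack = {initial}, [initial]
    while stack:
        state = stack.pop()
        for nxt in successors(state):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

if __name__ == "__main__":
    print("safe controller, BAD trace:", find_bad_state(INITIAL, safe_controller, all_green))
    print("buggy controller, BAD trace:", find_bad_state(INITIAL, buggy_controller, all_green))
```

The safe controller explores only five states and never reaches an all-green one; the buggy controller reaches all nine colour combinations, and the search reports the three-state trace (red, red) → (green, red) → (green, green) as the witness. This is the explicit-state form of the check; for systems with large state spaces the same question is answered symbolically, but the property being decided is unchanged.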
Verification Problem
• Problem statement. Given: a program P and a property φ. Prove: whether P satisfies φ.
• Examples of properties, listed in increasing order of the complexity of the property:
  - The program is syntactically correct. (BNF)
  - The program is type correct (type checking). (AST, rules)
  - Array type: array index out of bounds. (Symbolic execution) For a[u + 3*v] = 5, evaluate u + 3*v.
  - All cars are eventually going to pass the intersection.
Compiler Passes
String of chars → scanner → String of tokens → parser → AST → Control/data-flow analysis → Intermediate code generation → 3AC (three-address code)
Compiler Passes (contd.)
• Source statement: if a > b then x = 1 else x = x + 1
• As the scanner sees it, a string of characters: ifa>bthenx=1elsex=x+1
• After the scanner, a string of tokens: if id op id then id op cnst else id op id op cnst
• After the parser, an AST rooted at if-then-else with three children: > (a, b); = (x, 1); = (x, + (x, 1)).
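To show the first two passes of the pipeline on the slide's own statement, here is an added example (written for these notes, not taken from the lecture): a regex-driven scanner that classifies characters into the token classes kw, id, op and cnst, and a recursive-descent parser that builds the if-then-else AST from the token stream. The grammar, token class names and tuple-shaped AST are this example's own choices.

```python
import re

# Scanner: one named alternative per token class (constructed example).
# Keywords are tried before identifiers; \b keeps `ifa` from matching `if`.
TOKEN_RE = re.compile(r"""
      (?P<ws>\s+)
    | (?P<kw>\b(?:if|then|else)\b)
    | (?P<id>[A-Za-z_]\w*)
    | (?P<cnst>\d+)
    | (?P<op>[-+*/=<>])
""", re.VERBOSE)

def scan(src):
    """String of characters -> list of (token class, lexeme)."""
    tokens, pos = [], 0
    while pos < len(src):
        m = TOKEN_RE.match(src, pos)
        if m is None:
            raise SyntaxError(f"unexpected character {src[pos]!r} at offset {pos}")
        pos = m.end()
        if m.lastgroup != "ws":          # whitespace separates tokens, it is not one
            tokens.append((m.lastgroup, m.group()))
    return tokens

class Parser:
    """Recursive-descent parser for the slide's tiny statement language:
         stmt   ::= 'if' cond 'then' stmt 'else' stmt | id '=' expr
         cond   ::= expr ('<' | '>') expr
         expr   ::= term (('+' | '-') term)*
         term   ::= factor (('*' | '/') factor)*
         factor ::= id | cnst
       The AST is built from nested tuples: (operator, child, child)."""

    def __init__(self, tokens):
        self.toks, self.pos = tokens, 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else (None, None)

    def take(self, cls, lexeme=None):
        tok = self.peek()
        if tok[0] != cls or (lexeme is not None and tok[1] != lexeme):
            raise SyntaxError(f"expected {cls} {lexeme or ''} at token {self.pos}, got {tok}")
        self.pos += 1
        return tok

    def statement(self):
        if self.peek() == ("kw", "if"):
            self.take("kw", "if")
            cond = self.condition()
            self.take("kw", "then")
            then_branch = self.statement()
            self.take("kw", "else")
            else_branch = self.statement()
            return ("if", cond, then_branch, else_branch)
        _, name = self.take("id")
        self.take("op", "=")
        return ("=", ("id", name), self.expression())

    def condition(self):
        left = self.expression()
        _, relop = self.take("op")
        if relop not in ("<", ">"):
            raise SyntaxError(f"expected relational operator, got {relop!r}")
        return (relop, left, self.expression())

    def expression(self):
        node = self.term()
        while self.peek()[0] == "op" and self.peek()[1] in ("+", "-"):
            _, op = self.take("op")
            node = (op, node, self.term())      # left-associative
        return node

    def term(self):
        node = self.factor()
        while self.peek()[0] == "op" and self.peek()[1] in ("*", "/"):
            _, op = self.take("op")
            node = (op, node, self.factor())
        return node

    def factor(self):
        cls, lex = self.peek()
        if cls == "id":
            self.pos += 1
            return ("id", lex)
        if cls == "cnst":
            self.pos += 1
            return ("cnst", int(lex))
        raise SyntaxError(f"expected identifier or constant at token {self.pos}, got {(cls, lex)}")

def parse(src):
    """Scanner followed by parser; rejects leftover tokens."""
    p = Parser(scan(src))
    ast = p.statement()
    if p.pos != len(p.toks):
        raise SyntaxError(f"unexpected trailing tokens from position {p.pos}")
    return ast

SOURCE = "if a > b then x = 1 else x = x + 1"   # the slide's example statement

if __name__ == "__main__":
    print([cls for cls, _ in scan(SOURCE)])
    print(parse(SOURCE))
```

Run on SOURCE, the scanner yields the class sequence kw id op id kw id op cnst kw id op id op cnst and the parser the tree ("if", (">", a, b), ("=", x, 1), ("=", x, ("+", x, 1))). Note that the scanner needs the whitespace of the spaced form: fed the slide's unspaced character string, maximal munch lexes `ifa` as a single identifier, which is why keyword and identifier boundaries are a scanner-level concern and not something the parser can repair.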
Example: Reaching Definitions
      while i > 0 do
  1.    x = a
  2.    y = b
        if (a > b)
  3.      x = c
        else
  4.      y = d
  5.    i = i – 1
      od

Control-flow graph: b0 (entry) → b1 (i > 0); b1 —true→ b2 (x = a) → b3 (y = b) → b4 (a > b); b4 → b5 (x = c) and b4 → b6 (y = d); b5 and b6 → b7 (join) → b8 (i = i - 1) → b1; b1 —false→ b9 (exit).
Example: Reaching Definitions (contd.)
(Program and CFG as on the previous slide; definitions are numbered 1–5.)
gen(b0) = gen(b1) = gen(b4) = gen(b7) = Ø, kill(b0) = Ø
gen(b2) = {1}, kill(b2) = {3}
gen(b3) = {2}, kill(b3) = {4}
gen(b5) = {3}, kill(b5) = {1}
gen(b6) = {4}, kill(b6) = {2}
gen(b8) = {5}, kill(b7) = kill(b8) = Ø
Transfer function of a block b (in(b) flows in at the top, gen(b) and kill(b) are applied, out(b) flows out at the bottom):
  out(b) = gen(b) ∪ (in(b) – kill(b))
Reaching Definitions Algorithm
Input: CFG with gen[B], kill[B] computed for each block B.
Output: in[B], out[B] for each block B.
Method: iterative least fixpoint computation starting with in[B] = Ø.

  /* Initialize out[B] on the assumption that in[B] = Ø for all B */
  for each block B do out[B] := gen[B]; end;
  change := true;
  while change do begin                 /* fixpoint iteration */
    change := false;
    for each block B do begin           /* graph traversal */
      in[B] := ∪_{p ∈ pred(B)} out[p];
      oldout := out[B];
      out[B] := gen[B] ∪ (in[B] – kill[B]);
      if (out[B] ≠ oldout) then change := true;
    end;
  end;
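As an added worked example for the two reaching-definitions slides (this code is not part of the lecture material), the program's CFG is encoded as a dictionary of blocks and an edge list, gen and kill are derived from the definitions, and the slide's iterative algorithm is run to its least fixpoint. The block names b0–b9 and the definition numbers 1–5 follow the slides; the dictionary/edge-list encoding and function names are this example's own. The same gen/kill/fixpoint framework, with "definition of a variable" replaced by "untrusted value flows into a variable", is what static taint analysers use to decide whether attacker-controlled input can reach a sensitive sink, so the algorithm is worth seeing run end to end.

```python
# Constructed encoding of the CFG from the Reaching Definitions slides.
# Each block lists its definitions as (definition number, variable defined);
# the entry, loop test, if test, join and exit blocks define nothing.
BLOCKS = {
    "b0": [],            # entry
    "b1": [],            # i > 0
    "b2": [(1, "x")],    # 1. x = a
    "b3": [(2, "y")],    # 2. y = b
    "b4": [],            # a > b
    "b5": [(3, "x")],    # 3. x = c
    "b6": [(4, "y")],    # 4. y = d
    "b7": [],            # join after the if/else
    "b8": [(5, "i")],    # 5. i = i - 1
    "b9": [],            # exit
}
EDGES = [
    ("b0", "b1"), ("b1", "b2"), ("b1", "b9"), ("b2", "b3"), ("b3", "b4"),
    ("b4", "b5"), ("b4", "b6"), ("b5", "b7"), ("b6", "b7"), ("b7", "b8"),
    ("b8", "b1"),                              # loop back edge
]

def gen_kill(blocks):
    """gen[B]: definitions in B. kill[B]: every other definition of a
    variable that B redefines. (Every block here holds at most one
    definition, so no within-block ordering is needed.)"""
    defs_of_var = {}
    for defs in blocks.values():
        for d, var in defs:
            defs_of_var.setdefault(var, set()).add(d)
    gen, kill = {}, {}
    for b, defs in blocks.items():
        gen[b] = {d for d, _ in defs}
        kill[b] = set().union(*(defs_of_var[var] for _, var in defs)) - gen[b]
    return gen, kill

def reaching_definitions(blocks, edges):
    """Iterative least-fixpoint computation of in[B] and out[B], following
    the slide's algorithm: out[B] starts at gen[B] (as if in[B] = Ø), then
    blocks are re-evaluated in order until no out[B] changes.
    Returns (in, out, number of passes over the graph)."""
    preds = {b: [] for b in blocks}
    for src, dst in edges:
        preds[dst].append(src)
    gen, kill = gen_kill(blocks)
    in_ = {b: set() for b in blocks}
    out = {b: set(gen[b]) for b in blocks}
    passes, change = 0, True
    while change:
        change = False
        passes += 1
        for b in blocks:                      # graph traversal in block order
            in_[b] = set().union(*(out[p] for p in preds[b]))
            new_out = gen[b] | (in_[b] - kill[b])
            if new_out != out[b]:
                out[b], change = new_out, True
    return in_, out, passes

if __name__ == "__main__":
    gen, kill = gen_kill(BLOCKS)
    in_, out, passes = reaching_definitions(BLOCKS, EDGES)
    for b in BLOCKS:
        print(f"{b}: gen={sorted(gen[b])} kill={sorted(kill[b])} "
              f"in={sorted(in_[b])} out={sorted(out[b])}")
    print("passes until fixpoint:", passes)
```

The derived gen and kill sets match the slide (for instance gen(b2) = {1}, kill(b2) = {3}). The loop back edge b8 → b1 is what makes iteration necessary: after the first pass only definition 5 reaches the loop header, after the second pass all of {1, 2, 3, 4, 5} do (so both x = c and the earlier x = a reach the test a > b), and a third pass confirms nothing changes. At the join b7 all five definitions are live, while b5 sees {1, 2, 5} on entry and {2, 3, 5} on exit because its own definition of x kills definition 1.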