842 research outputs found
On Verifying Complex Properties using Symbolic Shape Analysis
One of the main challenges in the verification of software systems is the
analysis of unbounded data structures with dynamic memory allocation, such as
linked data structures and arrays. We describe Bohne, a new analysis for
verifying data structures. Bohne verifies data structure operations and shows
that 1) the operations preserve data structure invariants and 2) the operations
satisfy their specifications expressed in terms of changes to the set of
objects stored in the data structure. During the analysis, Bohne infers loop
invariants in the form of disjunctions of universally quantified Boolean
combinations of formulas. To synthesize loop invariants of this form, Bohne
uses a combination of decision procedures for Monadic Second-Order Logic over
trees, SMT-LIB decision procedures (currently CVC Lite), and an automated
reasoner within the Isabelle interactive theorem prover. This architecture
shows that synthesized loop invariants can serve as a useful communication
mechanism between different decision procedures. Using Bohne, we have verified
operations on data structures such as linked lists with iterators and back
pointers, trees with and without parent pointers, two-level skip lists, array
data structures, and sorted lists. We have deployed Bohne in the Hob and Jahob
data structure analysis systems, enabling us to combine Bohne with analyses of
data structure clients and apply it in the context of larger programs. This
report describes the Bohne algorithm as well as techniques that Bohne uses to
reduce the ammount of annotations and the running time of the analysis
Proving Correctness for Pointer Programs in a Verifying Compiler
This research describes a component-based approach to proving the correctness of programs involving pointer behavior. The approach supports modular reasoning and is designed to be used within the larger context of a verifying compiler. The approach consists of two parts. When a system component requires the direct manipulation of pointer operations in its implementation, we implement it using a built-in component specifically designed to capture the functional and performance behavior of pointers. When a system component requires pointer behavior via a linked data structure, we ensure that the complexities of the pointer operations are encapsulated within the data structure and are hidden to the client component. In this way, programs that rely on pointers can be verified modularly, without requiring special rules for pointers. The ultimate objective of a verifying compiler is to prove-with as little human intervention as possible-that proposed program code is correct with respect to a full behavioral specification. Full verification for software is especially important for an agency like NASA that is routinely involved in the development of mission critical systems
Proceedings of the Resolve Workshop 2006
The aim of the RESOLVE Workshop 2006 was to bring together researchers and educators interested in: Refining formal approaches to software engineering, especially component-based systems, and introducing them into the classroom. The workshop served as a forum for participants to present and discuss recent advances, trends, and concerns in these areas, as well as formulate a common understanding of emerging research issues and possible solution paths
Recommended from our members
Preliminary Design of the SAFE Platform
SAFE is a clean-slate design for a secure host architecture. It integrates advances in programming languages, operating systems, and hardware and incorporates formal methods at every step. Though the project is still at an early stage, we have assembled a set of basic architectural choices that we believe will yield a high-assurance system. We sketch the current state of the design and discuss several of these choices.Engineering and Applied Science
FunTAL: Reasonably Mixing a Functional Language with Assembly
We present FunTAL, the first multi-language system to formalize safe
interoperability between a high-level functional language and low-level
assembly code while supporting compositional reasoning about the mix. A central
challenge in developing such a multi-language is bridging the gap between
assembly, which is staged into jumps to continuations, and high-level code,
where subterms return a result. We present a compositional stack-based typed
assembly language that supports components, comprised of one or more basic
blocks, that may be embedded in high-level contexts. We also present a logical
relation for FunTAL that supports reasoning about equivalence of high-level
components and their assembly replacements, mixed-language programs with
callbacks between languages, and assembly components comprised of different
numbers of basic blocks.Comment: 15 pages; implementation at https://dbp.io/artifacts/funtal/;
published in PLDI '17, Proceedings of the 38th ACM SIGPLAN Conference on
Programming Language Design and Implementation, June 18 - 23, 2017,
Barcelona, Spai
Overcoming Restraint: Composing Verification of Foreign Functions with Cogent
Cogent is a restricted functional language designed to reduce the cost of
developing verified systems code. Because of its sometimes-onerous
restrictions, such as the lack of support for recursion and its strict
uniqueness type system, Cogent provides an escape hatch in the form of a
foreign function interface (FFI) to C code. This poses a problem when verifying
Cogent programs, as imported C components do not enjoy the same level of static
guarantees that Cogent does. Previous verification of file systems implemented
in Cogent merely assumed that their C components were correct and that they
preserved the invariants of Cogent's type system. In this paper, we instead
prove such obligations. We demonstrate how they smoothly compose with existing
Cogent theorems, and result in a correctness theorem of the overall Cogent-C
system. The Cogent FFI constraints ensure that key invariants of Cogent's type
system are maintained even when calling C code. We verify reusable higher-order
and polymorphic functions including a generic loop combinator and array
iterators and demonstrate their application to several examples including
binary search and the BilbyFs file system. We demonstrate the feasibility of
verification of mixed Cogent-C systems, and provide some insight into
verification of software comprised of code in multiple languages with differing
levels of static guarantees
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Compiler verification meets cross-language linking via data abstraction
Many real programs are written in multiple different programming languages, and supporting this pattern creates challenges for formal compiler verification. We describe our Coq verification of a compiler for a high-level language, such that the compiler correctness theorem allows us to derive partial-correctness Hoare-logic theorems for programs built by linking the assembly code output by our compiler and assembly code produced by other means. Our compiler supports such tricky features as storable cross-language function pointers, without giving up the usual benefits of being able to verify different compiler phases (including, in our case, two classic optimizations) independently. The key technical innovation is a mixed operational and axiomatic semantics for the source language, with a built-in notion of abstract data types, such that compiled code interfaces with other languages only through axiomatically specified methods that mutate encapsulated private data, represented in whatever formats are most natural for those languages.National Science Foundation (U.S.) (Grant CCF-1253229)United States. Defense Advanced Research Projects Agency (Agreement FA8750-12-2-0293)United States. Dept. of Energy. Office of Science (Award DE-SC0008923
Preliminary Design of the SAFE Platform
Safe is a clean-slate design for a secure host architecture. It integrates advances in programming languages, operating systems, and hardware and incorporates formal methods at every step. Though the project is still at an early stage, we have assembled a set of basic architectural choices that we believe will yield a high-assurance system. We sketch the current state of the design and discuss several of these choices
- …