Predicate Abstraction for Linked Data Structures
We present Alias Refinement Types (ART), a new approach to the verification
of correctness properties of linked data structures. While there are many
techniques for checking that a heap-manipulating program adheres to its
specification, they often require that the programmer annotate the behavior of
each procedure, for example, in the form of loop invariants and pre- and
post-conditions. While predicate abstraction would be an attractive abstract
domain for performing invariant inference, existing techniques are not able to
reason about the heap with enough precision to verify functional properties of
data-structure-manipulating programs. In this paper, we propose a technique that
lifts predicate abstraction to the heap by factoring the analysis of data
structures into two orthogonal components: (1) Alias Types, which reason about
the physical shape of heap structures, and (2) Refinement Types, which use
simple predicates from an SMT decidable theory to capture the logical or
semantic properties of the structures. We prove ART sound by translating types
into separation logic assertions, thus translating typing derivations in ART
into separation logic proofs. We evaluate ART by implementing a tool that
performs type inference for an imperative language, and empirically show, using
a suite of data-structure benchmarks, that ART requires only 21% of the
annotations needed by other state-of-the-art verification techniques.
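The two-component factoring described above can be illustrated with a small runtime sketch (Python, purely illustrative; ART itself is a static type system, and none of these names come from the paper). The shape check plays the role of alias types, and the ordering check plays the role of a refinement predicate over a sorted list:

```python
# Illustrative sketch of ART's split between shape and refinement,
# phrased as runtime checks on a singly linked list. All names here
# are invented for illustration; they are not ART's actual syntax.

class Node:
    def __init__(self, value, nxt=None):
        self.value = value
        self.nxt = nxt

def shape_ok(head):
    """Alias-type-style check: the list is a finite, acyclic chain."""
    seen = set()
    node = head
    while node is not None:
        if id(node) in seen:
            return False  # a cycle violates the list shape
        seen.add(id(node))
        node = node.nxt
    return True

def sorted_refinement_ok(head):
    """Refinement-style check: value <= nxt.value at every link."""
    node = head
    while node is not None and node.nxt is not None:
        if node.value > node.nxt.value:
            return False
        node = node.nxt
    return True

lst = Node(1, Node(3, Node(7)))
print(shape_ok(lst), sorted_refinement_ok(lst))  # True True
```

In ART both checks are discharged statically: the shape side by the alias-type system, the ordering side by an SMT solver over the decidable predicate language.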
The Belgian Electronic Identity Card: a Verification Case Study
In the field of annotation-based source-code-level program verification for Java-like languages, separation-logic-based verifiers offer a promising alternative to classic JML-based verifiers such as ESC/Java2, the Mobius tool, or Spec#. Researchers have demonstrated the advantages of separation-logic-based verification by showing that it is feasible to verify very challenging (though very small) sample code, such as design patterns or highly concurrent code. However, there is little experience in using this new breed of verifiers on real code. In this paper we report on our experience of verifying several thousand lines of Java Card code using VeriFast, one of the state-of-the-art separation-logic-based verifiers. We quantify annotation overhead, verification performance, and impact on code quality (number of bugs found). Finally, our experiments suggest a number of potential improvements to the VeriFast tool.
Sound Automation of Magic Wands (extended version)
The magic wand (also called separating implication) is a
separation logic connective commonly used to specify properties of partial data
structures, for instance during iterative traversals. A footprint of a magic
wand formula A −∗ B is a state that, combined with any state in which A holds,
yields a state in which B holds. The key challenge of
proving a magic wand (also called packaging a wand) is to find such a
footprint. Existing package algorithms either have a high annotation overhead
or, as we show in this paper, are unsound. We present a formal framework that
precisely characterises a wide design space of possible package algorithms
applicable to a large class of separation logics. We prove in Isabelle/HOL that
our formal framework is sound and complete, and use it to develop a novel
package algorithm that offers competitive automation and is sound. Moreover, we
present a novel, restricted definition of wands and prove in Isabelle/HOL that
it is possible to soundly combine fractions of such wands, which is not the
case for arbitrary wands. We have implemented our techniques for the Viper
language, and demonstrate that they are effective in practice. Comment:
Extended version of the CAV 2022 publication.
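The footprint semantics above can be made concrete in a toy heap model (a Python sketch, not the paper's formalism): heaps are finite maps, the separating conjunction is union of disjoint heaps, and a footprint of A −∗ B is a heap that, combined with any disjoint heap satisfying A, yields one satisfying B. Here we can only quantify over a finite candidate set of heaps, whereas the real semantics quantifies over all states:

```python
# Toy heap model illustrating the footprint of a magic wand A --* B.
# A heap is a dict from locations to values; assertions are predicates
# on heaps. Quantification is restricted to a finite candidate set.

def star(h1, h2):
    """Separating conjunction: union of heaps with disjoint domains."""
    if h1.keys() & h2.keys():
        return None  # not disjoint, so h1 * h2 is undefined
    return {**h1, **h2}

def is_footprint(h_f, A, B, candidate_heaps):
    """h_f is a footprint of A --* B if, for every disjoint candidate
    heap h_a satisfying A, the combined heap satisfies B."""
    for h_a in candidate_heaps:
        if A(h_a):
            combined = star(h_f, h_a)
            if combined is not None and not B(combined):
                return False
    return True

# A: location 1 holds 10.  B: locations 1 and 2 hold 10 and 20.
A = lambda h: h.get(1) == 10
B = lambda h: h.get(1) == 10 and h.get(2) == 20

heaps = [{1: 10}, {1: 10, 3: 0}, {2: 20}]
print(is_footprint({2: 20}, A, B, heaps))  # True: {2: 20} completes B
print(is_footprint({2: 99}, A, B, heaps))  # False: wrong value at 2
```

Finding such a footprint automatically, rather than checking a given one, is exactly the "packaging" problem the paper's framework addresses.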
Compositional Verification of Heap-Manipulating Programs through Property-Guided Learning
Analyzing and verifying heap-manipulating programs automatically is
challenging. A key for fighting the complexity is to develop compositional
methods. For instance, many existing verifiers for heap-manipulating programs
require user-provided specification for each function in the program in order
to decompose the verification problem. The requirement, however, often hinders
the users from applying such tools. To overcome the issue, we propose to
automatically learn heap-related program invariants in a property-guided way
for each function call. The invariants are learned based on the memory graphs
observed during test execution and improved through memory graph mutation. We
implemented a prototype of our approach and integrated it with two existing
program verifiers. The experimental results show that our approach enhances
existing verifiers effectively in automatically verifying complex
heap-manipulating programs with multiple function calls.
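The learning loop described above can be sketched in a few lines (an illustrative Python sketch in the Daikon style of keeping candidates that survive all observations; the predicates, state shapes, and names are invented and are not the paper's memory-graph representation):

```python
# Minimal sketch of learning invariants from observed program states:
# start from a pool of candidate predicates and keep only those that
# hold in every state observed during test execution. The candidates
# below are invented for illustration.

CANDIDATES = {
    "len >= 0":   lambda s: s["len"] >= 0,
    "len <= cap": lambda s: s["len"] <= s["cap"],
    "len == cap": lambda s: s["len"] == s["cap"],
}

def learn_invariants(observations):
    """Return the candidate predicates that survive all observations."""
    return [name for name, pred in CANDIDATES.items()
            if all(pred(s) for s in observations)]

# States observed at the entry of a hypothetical push() during tests:
runs = [{"len": 0, "cap": 4}, {"len": 3, "cap": 4}, {"len": 4, "cap": 4}]
print(learn_invariants(runs))  # ['len >= 0', 'len <= cap']
```

The paper goes further than this sketch in two ways: candidate states are mutated (memory-graph mutation) to weed out over-specific invariants, and learning is guided by the property being verified rather than by a fixed candidate pool.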
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness.
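To give a flavour of the first topic, here is a small-step operational semantics for a tiny arithmetic language (a Python sketch for illustration only; the lecture itself mechanizes such definitions in Coq, where the step relation would be an inductive predicate):

```python
# Small-step operational semantics for a toy language whose terms are
# either integer values or ("add", t1, t2) tuples. step() performs one
# reduction; evaluate() iterates it, i.e. takes the reflexive-
# transitive closure of the step relation.

def step(t):
    """One small-step reduction, or None if t is already a value."""
    if isinstance(t, int):
        return None  # values do not step
    op, t1, t2 = t
    assert op == "add"
    if not isinstance(t1, int):
        return (op, step(t1), t2)   # reduce the left operand first
    if not isinstance(t2, int):
        return (op, t1, step(t2))   # then the right operand
    return t1 + t2                  # both are values: compute the sum

def evaluate(t):
    """Iterate step() until a value is reached."""
    while not isinstance(t, int):
        t = step(t)
    return t

print(evaluate(("add", ("add", 1, 2), 4)))  # 7
```

In the mechanized setting, one would then prove that this small-step semantics agrees with a big-step semantics and with a definitional interpreter, which is precisely the kind of equivalence theorem the lecture works through.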
Language Models Hallucinate, but May Excel at Fact Verification
Recent progress in natural language processing (NLP) owes much to remarkable
advances in large language models (LLMs). Nevertheless, LLMs frequently
"hallucinate," resulting in non-factual outputs. Our carefully designed human
evaluation substantiates the serious hallucination issue, revealing that even
GPT-3.5 produces factual outputs less than 25% of the time. This underscores
the importance of fact verifiers in order to measure and incentivize progress.
Our systematic investigation affirms that LLMs can be repurposed as effective
fact verifiers with strong correlations with human judgments, at least in the
Wikipedia domain. Surprisingly, FLAN-T5-11B, the least factual generator in our
study, performs the best as a fact verifier, even outperforming more capable
LLMs like GPT3.5 and ChatGPT. Delving deeper, we analyze the reliance of these
LLMs on high-quality evidence, as well as their deficiencies in robustness and
generalization ability. Our study presents insights for developing trustworthy
generation models. Comment: 9 pages.