1,622 research outputs found
On Automated Lemma Generation for Separation Logic with Inductive Definitions
Separation Logic with inductive definitions is a well-known approach for
deductive verification of programs that manipulate dynamic data structures.
Deciding verification conditions in this context is usually based on
user-provided lemmas relating the inductive definitions. We propose a novel
approach for generating these lemmas automatically which is based on simple
syntactic criteria and deterministic strategies for applying them. Our approach
focuses on iterative programs, although it can be applied to recursive programs
as well, and specifications that describe not only the shape of the data
structures, but also their content or their size. Empirically, we find that our
approach is powerful enough to deal with sophisticated benchmarks, e.g.,
iterative procedures for searching, inserting, or deleting elements in sorted
lists, binary search tress, red-black trees, and AVL trees, in a very efficient
way
Recursive Definitions of Monadic Functions
Using standard domain-theoretic fixed-points, we present an approach for
defining recursive functions that are formulated in monadic style. The method
works both in the simple option monad and the state-exception monad of
Isabelle/HOL's imperative programming extension, which results in a convenient
definition principle for imperative programs, which were previously hard to
define.
For such monadic functions, the recursion equation can always be derived
without preconditions, even if the function is partial. The construction is
easy to automate, and convenient induction principles can be derived
automatically.Comment: In Proceedings PAR 2010, arXiv:1012.455
Predicate Abstraction for Linked Data Structures
We present Alias Refinement Types (ART), a new approach to the verification
of correctness properties of linked data structures. While there are many
techniques for checking that a heap-manipulating program adheres to its
specification, they often require that the programmer annotate the behavior of
each procedure, for example, in the form of loop invariants and pre- and
post-conditions. Predicate abstraction would be an attractive abstract domain
for performing invariant inference, existing techniques are not able to reason
about the heap with enough precision to verify functional properties of data
structure manipulating programs. In this paper, we propose a technique that
lifts predicate abstraction to the heap by factoring the analysis of data
structures into two orthogonal components: (1) Alias Types, which reason about
the physical shape of heap structures, and (2) Refinement Types, which use
simple predicates from an SMT decidable theory to capture the logical or
semantic properties of the structures. We prove ART sound by translating types
into separation logic assertions, thus translating typing derivations in ART
into separation logic proofs. We evaluate ART by implementing a tool that
performs type inference for an imperative language, and empirically show, using
a suite of data-structure benchmarks, that ART requires only 21% of the
annotations needed by other state-of-the-art verification techniques
Automating Deductive Verification for Weak-Memory Programs
Writing correct programs for weak memory models such as the C11 memory model
is challenging because of the weak consistency guarantees these models provide.
The first program logics for the verification of such programs have recently
been proposed, but their usage has been limited thus far to manual proofs.
Automating proofs in these logics via first-order solvers is non-trivial, due
to reasoning features such as higher-order assertions, modalities and rich
permission resources. In this paper, we provide the first implementation of a
weak memory program logic using existing deductive verification tools. We
tackle three recent program logics: Relaxed Separation Logic and two forms of
Fenced Separation Logic, and show how these can be encoded using the Viper
verification infrastructure. In doing so, we illustrate several novel encoding
techniques which could be employed for other logics. Our work is implemented,
and has been evaluated on examples from existing papers as well as the Facebook
open-source Folly library.Comment: Extended version of TACAS 2018 publicatio
On Deciding Local Theory Extensions via E-matching
Satisfiability Modulo Theories (SMT) solvers incorporate decision procedures
for theories of data types that commonly occur in software. This makes them
important tools for automating verification problems. A limitation frequently
encountered is that verification problems are often not fully expressible in
the theories supported natively by the solvers. Many solvers allow the
specification of application-specific theories as quantified axioms, but their
handling is incomplete outside of narrow special cases.
In this work, we show how SMT solvers can be used to obtain complete decision
procedures for local theory extensions, an important class of theories that are
decidable using finite instantiation of axioms. We present an algorithm that
uses E-matching to generate instances incrementally during the search,
significantly reducing the number of generated instances compared to eager
instantiation strategies. We have used two SMT solvers to implement this
algorithm and conducted an extensive experimental evaluation on benchmarks
derived from verification conditions for heap-manipulating programs. We believe
that our results are of interest to both the users of SMT solvers as well as
their developers
- …