    A verification example in the F@BOOL@ project, based on Boolean solvers

    A verifying compiler is a system computer program that translates programs written by a human from a high-level language into equivalent executable programs and, in addition, proves (verifies) human-specified mathematical statements about the properties of the programs being translated. The purpose of the F@BOOL@ project is to develop a verifying compiler F@BOOL@ for annotated computational programs that is transparent to users, compact and portable, and that uses efficient and sound automatic SAT-solvers (i.e. programs that check the satisfiability of propositional Boolean formulas in conjunctive normal form) as the means of automatic validation of correctness conditions (instead of semi-automatic proof techniques). The key idea is the Boolean representation of all data, instead of Boolean abstraction or first-order representation. (This is what distinguishes F@BOOL@ from SLAM.) The project is aimed at the verification of functional properties, and it assumes the generation of first-order verification conditions (from invariants), and the validation/refutation of each verification condition using SAT-solvers after a "conservative" translation of the verification conditions into Boolean form. During the period from 2006 to 2009, a popular (at that time) SAT-solver, zChaff, was used in the F@BOOL@ project. The first three verification experiments exercised with its help, on simple programs in Mini-NIL, were: swapping the values of two variables, checking whether three integer input values are the lengths of the sides of an equilateral or isosceles triangle, and detecting a unique fake in a set of 15 coins using a balance scale. The paper presents the general outline of the project and the details of the last (the most extensive) experiment, the verification of the program that solves the coin puzzle.
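The pipeline the abstract describes (a verification condition, its conservative translation into Boolean form, and validation or refutation by a SAT-solver) as an added worked example in Python; this is not the F@BOOL@ project's code. It checks the swap program on fixed-width words by symbolically executing it at the bit level, encoding the negated postcondition into CNF with Tseitin gates, and running a toy DPLL procedure in place of zChaff: UNSAT means the verification condition holds for every input, SAT yields a concrete counterexample. The XOR-based swap, the word width and the deliberately broken variant are assumptions of this example, since the page does not give the Mini-NIL source.

```python
"""Bit-blasted verification of a straight-line swap program (added example,
not F@BOOL@ code).  The XOR swap, the word width and the buggy variant are
assumptions of this example; a toy DPLL stands in for zChaff."""


class CNF:
    """Clause database; variables are positive ints, literals are +/- ints."""

    def __init__(self):
        self.nvars = 0
        self.clauses = []

    def new_var(self):
        self.nvars += 1
        return self.nvars

    def add(self, *lits):
        self.clauses.append(tuple(lits))

    def xor(self, a, b):
        """Tseitin encoding of c <-> (a xor b); returns the fresh literal c."""
        c = self.new_var()
        self.add(-c, a, b)
        self.add(-c, -a, -b)
        self.add(c, -a, b)
        self.add(c, a, -b)
        return c

    def or_(self, lits):
        """Tseitin encoding of c <-> (l1 or ... or ln); returns c."""
        c = self.new_var()
        self.add(-c, *lits)
        for lit in lits:
            self.add(c, -lit)
        return c


def dpll(clauses, assign):
    """Minimal DPLL: unit propagation plus chronological backtracking.
    Returns a satisfying assignment {var: bool}, or None if unsatisfiable."""
    assign = dict(assign)
    changed = True
    while changed:  # unit propagation to a fixpoint
        changed = False
        for clause in clauses:
            unassigned, satisfied = [], False
            for lit in clause:
                var = abs(lit)
                if var in assign:
                    if assign[var] == (lit > 0):
                        satisfied = True
                        break
                else:
                    unassigned.append(lit)
            if satisfied:
                continue
            if not unassigned:
                return None  # every literal false: conflict
            if len(unassigned) == 1:
                assign[abs(unassigned[0])] = unassigned[0] > 0
                changed = True
    for clause in clauses:  # branch on the first unassigned variable
        for lit in clause:
            var = abs(lit)
            if var not in assign:
                for value in (True, False):
                    model = dpll(clauses, {**assign, var: value})
                    if model is not None:
                        return model
                return None
    return assign  # every clause satisfied


def symbolic_swap(cnf, width, buggy=False):
    """Symbolically execute the XOR swap on width-bit words (lists of literals, LSB first)."""
    x0 = [cnf.new_var() for _ in range(width)]
    y0 = [cnf.new_var() for _ in range(width)]
    x = [cnf.xor(a, b) for a, b in zip(x0, y0)]     # x := x ^ y
    y = [cnf.xor(a, b) for a, b in zip(x, y0)]      # y := x ^ y
    if not buggy:
        x = [cnf.xor(a, b) for a, b in zip(x, y)]   # x := x ^ y (omitted in the buggy variant)
    return x0, y0, x, y


def concrete_swap(x, y, buggy=False):
    """The same program on concrete integers, used to confirm a counterexample."""
    x ^= y
    y ^= x
    if not buggy:
        x ^= y
    return x, y


def verify_swap(width=4, buggy=False):
    """Decide the VC  forall x0, y0: x' = y0 and y' = x0  by refuting its negation.
    Returns (True, None) when the VC is valid, else (False, (x0, y0))."""
    cnf = CNF()
    x0, y0, x, y = symbolic_swap(cnf, width, buggy)
    # Negated postcondition: some bit of x' differs from y0, or some bit of y' from x0.
    diffs = [cnf.xor(a, b) for a, b in zip(x, y0)] + [cnf.xor(a, b) for a, b in zip(y, x0)]
    cnf.add(cnf.or_(diffs))
    model = dpll(cnf.clauses, {})
    if model is None:
        return True, None

    def decode(bits):
        return sum(1 << i for i, v in enumerate(bits) if model.get(v, False))

    return False, (decode(x0), decode(y0))


if __name__ == "__main__":
    print(verify_swap(4))              # valid VC: (True, None)
    print(verify_swap(4, buggy=True))  # refuted: (False, (x0, y0)) with x0 != 0
```

The refutation path is the one a practitioner relies on: the model returned by the solver is decoded back into concrete input words and re-run through the program, so a counterexample is never trusted on the solver's word alone.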

    A Software Toolchain for Physical System Description and Synthesis, and Applications to Microfluidic Design Automation

    Microfluidic circuits are currently designed by hand, using a combination of the designer’s domain knowledge and educated intuition to determine unknown design parameters. As no microfluidic circuit design software exists to assist designers, circuits are typically tested by physically constructing them in silico and performing another design iteration should the prototype fail to operate correctly. Similar to how electronic design automation tools revolutionized the digital circuit design process, so too do microfluidic design packages have the potential to increase productivity for microfluidic circuit designers and allow more complex devices to be designed. Two of the primary software engineering problems to be solved in this space relate to design entry and design synthesis. First, the circuit designer requires a programming language to describe the behaviour and properties of the device they wish to build, and a compiler toolchain to convert this description into a model that can then be processed by other software tools. Second, once such a model is constructed, the remaining portions of the design toolchain must be constructed. It is necessary to implement software that can find unknown design parameters automatically to relieve the designer of much of the complexity that goes into creating such a circuit. Furthermore, automated testing and verification tools must be used to simulate the device and check for correctness and safety requirements before the engineer can have confidence in their design. In this thesis I outline work that has been done towards both of these goals. First, I describe a new programming language that has been developed for the purpose of describing and modelling physical systems, including but not limited to microfluidic circuits. 
This programming language, called “Manifold”, has been implemented following principles and features of modern functional programming languages, as well as drawing inspiration from VHDL and Verilog, the two industry-standard programming languages for EDA. The Manifold high-level language compiler carries out the process of translating a system description into a domain-agnostic intermediate representation. This representation is then passed to a domain-specific backend compiler which can perform further operations on the design, such as creating simulations, performing verification, and generating appropriate output products. Second, I perform a case study with respect to the creation of such a domain-specific backend for the domain of multi-phase microfluidic circuits. The process involved in taking a circuit description from design entry to device specification has a number of significant steps. I discuss in detail these steps with respect to the design of a multi-way droplet generator circuit. Such a circuit is difficult to design because of the behaviour of the key design parameter, the volume of generated droplets. The design goal is for each droplet generator on the device to produce droplets of a certain specified volume. However, the equation relating the properties of a droplet generator to the predicted droplet volume is complex and contains several nonlinearities, making it very difficult to solve by traditional methods. Recent advances in constraint solvers which can reason about nonlinear equations over real-valued terms make it possible to solve this equation efficiently for a given set of design constraints and goals, and produce many feasible specifications for droplet generators that meet the requirements. Another difficulty in designing these circuits is due to interactions between droplet generators. 
As the produced droplets have a significant hydrodynamic resistance, they affect the behaviour of the circuit by causing perturbations in the flow rates into the droplet generators. This has the potential to alter the volume of droplets that are being produced. Therefore, a means of regulating or controlling the flow rates must be found. I describe a potential solution in the form of a passive element analogous to a capacitor in an electrical circuit. Once an appropriate value for the capacitor is chosen, it remains to verify that it operates correctly under manufacturing variances in fabrication of the device. To perform this verification, a bounded model checker for real-valued differential equations is employed to demonstrate correctness or discover robustness issues. Furthermore, a simulation file for the MapleSim numerical simulation engine is generated in order to perform whole-design tests for further validation. The sequence in which these steps are performed closely follows the concept of “abstraction refinement” in formal methods, in which successively more detailed models are checked and a failure in one step can invoke a previous step with new information, allowing errors to be caught early and introducing the ability to iterate on the design. I describe such a refinement loop in place in the microfluidics backend that integrates these three steps in a coherent design flow, able to synthesize and verify many specifications for a microfluidic circuit, thereby automating a significant portion of the design process. The combination of the Manifold high-level language and microfluidics backend introduces a new design automation toolchain that demonstrates the effectiveness of constraint solvers in the tasks of design synthesis and verification. 
Further enhancements to the performance and capabilities of these solvers, as well as to the high-level language and backend, will in the future produce a general-purpose design package for microfluidic circuits that will allow new, complex designs to be created and checked with confidence.

    From LCF to Isabelle/HOL

    Interactive theorem provers have developed dramatically over the past four decades, from primitive beginnings to today's powerful systems. Here, we focus on Isabelle/HOL and its distinctive strengths. They include automatic proof search, borrowing techniques from the world of first-order theorem proving, but also the automatic search for counterexamples. They include a highly readable structured language of proofs and a unique interactive development environment for editing live proof documents. Everything rests on the foundation conceived by Robin Milner for Edinburgh LCF: a proof kernel, using abstract types to ensure soundness and eliminate the need to store proofs. Compared with the research prototypes of the 1970s, Isabelle is a practical and versatile tool. It is used by system designers, mathematicians and many others.
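The kernel design the abstract credits to Milner, as an added example in Python that is not Isabelle or LCF code: a theorem type whose values can only be produced by a small set of trusted inference rules, so that anything of type `Thm` is sound by construction and no proof tree has to be stored. Python has no abstract types in the ML sense, so the constructor is guarded by a module-private capability token; that guard, the implication-only logic and the three primitive rules are assumptions of this example.

```python
"""An LCF-style proof kernel for implicational propositional logic.
Added example, not Isabelle/HOL or LCF code.  The capability-token guard
approximates an ML abstract type and is an assumption of this example."""

_KERNEL = object()   # capability held only by the kernel rules below


def imp(a, b):
    """Formula constructor: a -> b.  Atoms are plain strings."""
    return ("->", a, b)


class Thm:
    """hyps |- concl.  Stores no proof tree: the rules that built it are the proof."""
    __slots__ = ("hyps", "concl")

    def __init__(self, hyps, concl, _token=None):
        if _token is not _KERNEL:
            raise PermissionError("Thm values are produced only by kernel inference rules")
        self.hyps = frozenset(hyps)
        self.concl = concl

    def __repr__(self):
        return f"{set(self.hyps) or ''} |- {self.concl}"


# --- the trusted kernel: three primitive rules ---------------------------

def assume(p):
    """ASSUME:  {p} |- p"""
    return Thm({p}, p, _token=_KERNEL)


def disch(p, th):
    """DISCH:  A |- q   ==>   A - {p} |- p -> q"""
    return Thm(th.hyps - {p}, imp(p, th.concl), _token=_KERNEL)


def mp(th_imp, th_ant):
    """MP:  A |- p -> q,  B |- p   ==>   A u B |- q   (the shapes are checked)"""
    c = th_imp.concl
    if not (isinstance(c, tuple) and c[0] == "->"):
        raise ValueError("mp: first theorem is not an implication")
    if c[1] != th_ant.concl:
        raise ValueError("mp: antecedent does not match")
    return Thm(th_imp.hyps | th_ant.hyps, c[2], _token=_KERNEL)


# --- untrusted code outside the kernel: derived proofs -------------------

def prove_imp_self(p):
    """|- p -> p"""
    return disch(p, assume(p))


def prove_weaken(p, q):
    """|- p -> (q -> p)"""
    return disch(p, disch(q, assume(p)))


def prove_imp_trans(p, q, r):
    """|- (p -> q) -> ((q -> r) -> (p -> r))"""
    pq, qr, ap = assume(imp(p, q)), assume(imp(q, r)), assume(p)
    r_from_hyps = mp(qr, mp(pq, ap))            # {p->q, q->r, p} |- r
    return disch(imp(p, q), disch(imp(q, r), disch(p, r_from_hyps)))


def kernel_rejects(thunk):
    """True if the kernel refuses the attempt (forged theorem or ill-formed rule use)."""
    try:
        thunk()
    except (PermissionError, ValueError):
        return True
    return False


if __name__ == "__main__":
    print(prove_imp_trans("p", "q", "r"))
    print(kernel_rejects(lambda: Thm(set(), "p")))               # True: cannot forge |- p
    print(kernel_rejects(lambda: mp(assume("q"), assume("p"))))  # True: MP shape check
```

Everything below the kernel section is untrusted: a bug in `prove_imp_trans` can only produce a wrong exception, never a wrong `Thm`, and the trusted computing base is the three rules plus the constructor guard.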

    Tools and Algorithms for the Construction and Analysis of Systems

    This open access two-volume set constitutes the proceedings of the 27th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2021, which was held during March 27 – April 1, 2021, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg and changed to an online format due to the COVID-19 pandemic. The total of 41 full papers presented in the proceedings was carefully reviewed and selected from 141 submissions. The volume also contains 7 tool papers, 6 tool demo papers and 9 SV-COMP competition papers. The papers are organized in topical sections as follows: Part I: Game Theory; SMT Verification; Probabilities; Timed Systems; Neural Networks; Analysis of Network Communication. Part II: Verification Techniques (not SMT); Case Studies; Proof Generation/Validation; Tool Papers; Tool Demo Papers; SV-COMP Tool Competition Papers.

    Symbolic execution of verification languages and floating-point code

    The focus of this thesis is a program analysis technique named symbolic execution. We present three main contributions to this field. First, an investigation into comparing several state-of-the-art program analysis tools at the level of an intermediate verification language over a large set of benchmarks, and improvements to the state of the art of symbolic execution for this language. This is explored via a new tool, Symbooglix, that operates on the Boogie intermediate verification language. Second, an investigation into performing symbolic execution of floating-point programs via a standardised theory of floating-point arithmetic that is supported by several existing constraint solvers. This is investigated via two independent extensions of the KLEE symbolic execution engine to support reasoning about floating-point operations (with one tool developed by the thesis author). Third, an investigation into the use of coverage-guided fuzzing as a means for solving constraints over finite data types, inspired by the difficulties associated with solving floating-point constraints. The associated prototype tool, JFS, which builds on the LibFuzzer project, can at present be applied to a wide range of SMT queries over bit-vector and floating-point variables, and shows promise on floating-point constraints.