96 research outputs found
Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms
We introduce Meta-F*, a tactics and metaprogramming framework for the F*
program verifier. The main novelty of Meta-F* is allowing the use of tactics
and metaprogramming to discharge assertions not solvable by SMT, or to just
simplify them into well-behaved SMT fragments. Plus, Meta-F* can be used to
generate verified code automatically.
Meta-F* is implemented as an F* effect, which, given the powerful effect
system of F*, heavily increases code reuse and even enables the lightweight
verification of metaprograms. Metaprograms can be either interpreted, or
compiled to efficient native code that can be dynamically loaded into the F*
type-checker and can interoperate with interpreted code. Evaluation on
realistic case studies shows that Meta-F* provides substantial gains in proof
development, efficiency, and robustness.Comment: Full version of ESOP'19 pape
From Network Interface to Multithreaded Web Applications: A Case Study in Modular Program Verification
Many verifications of realistic software systems are monolithic, in the sense that they define single global invariants over complete system state. More modular proof techniques promise to support reuse of component proofs and even reduce the effort required to verify one concrete system, just as modularity simplifies standard software development. This paper reports on one case study applying modular proof techniques in the Coq proof assistant. To our knowledge, it is the first modular verification certifying a system that combines infrastructure with an application of interest to end users. We assume a nonblocking API for managing TCP networking streams, and on top of that we work our way up to certifying multithreaded, database-backed Web applications. Key verified components include a cooperative threading library and an implementation of a domain-specific language for XML processing. We have deployed our case-study system on mobile robots, where it interfaces with off-the-shelf components for sensing, actuation, and control.National Science Foundation (U.S.) (Grant CCF-1253229)United States. Defense Advanced Research Projects Agency (Agreement FA8750-12-2-0293
From Network Interface to Multithreaded Web Applications: A Case Study in Modular Program Verification
Many verifications of realistic software systems are monolithic, in the sense that they define single global invariants over complete system state. More modular proof techniques promise to support reuse of component proofs and even reduce the effort required to verify one concrete system, just as modularity simplifies standard software development. This paper reports on one case study applying modular proof techniques in the Coq proof assistant. To our knowledge, it is the first modular verification certifying a system that combines infrastructure with an application of interest to end users. We assume a nonblocking API for managing TCP networking streams, and on top of that we work our way up to certifying multithreaded, database-backed Web applications. Key verified components include a cooperative threading library and an implementation of a domain-specific language for XML processing. We have deployed our case-study system on mobile robots, where it interfaces with off-the-shelf components for sensing, actuation, and control.National Science Foundation (U.S.) (NSF grant CCF-1253229)United States. Defense Advanced Research Projects Agency (DARPA, agreement number FA8750-12-2-0293
Verification by Reduction to Functional Programs
In this thesis, we explore techniques for the development and verification of programs in a high-level, expressive, and safe programming language. Our programs can express problems over unbounded domains and over recursive and mutable data structures. We present an implementation language flexible enough to build interesting and useful systems. We mostly maintain a core shared language for the specifications and the implementation, with only a few extensions specific to expressing the specifications. Extensions of the core shared language include imperative features with state and side effects, which help when implementing efficient systems. Our language is a subset of the Scala programming language. Once verified, programs can be compiled and executed using the existing Scala tools. We present algorithms for verifying programs written in this language. We take a layer-based approach, where we reduce, at each step, the program to an equivalent program in a simpler language. We first purify functions by transforming away mutations into explicit return types in the functions' signatures. This step rewrites all mutations of data structures into cloning operations. We then translate local state into a purely functional code, hence eliminating all traces of imperative programming. The final language is a functional subset of Scala, on which we apply verification. We integrate our pipeline of translations into Leon, a verifier for Scala. We verify the core functional language by using an algorithm already developed inside Leon. The program is encoded into equivalent first-order logic formulas over a combination of theories and recursive functions. The formulas are eventually discharged to an external SMT solver. We extend this core language and the solving algorithm with support for both infinite-precision integers and bit-vectors. The algorithm takes into account the semantics gap between the two domains, and the programmer is ultimately responsible to use the proper type to represent the data. We build a reusable interface for SMT-LIB that enables us to swap solvers transparently in order to validate the formulas emitted by Leon. We experiment with writing solvers in Scala; they could offer both a better and safer integration with the rest of the system. We evaluate the cost of using a higher-order language to implement such solvers, traditionally written in C/C++. Finally, we experiment with the system by building fully working and verified applications. We rely on the intersection of many features including higher-order functions, mutable data structures, recursive functions, and nondeterministic environment dependencies, to build concise and verified applications
Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021
The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing
Handle with Care and Confidence – Extending Cameleer with Algebraic Effects and Effect Handlers. An analysis of algebraic effects and techniques to deductively verify them
The new major release of the OCaml compiler is set to be an important landmark in the
history and ecosystem of the language. The 5.0 version introduces Multicore OCaml, a
multi-threaded implementation of the OCaml runtime. Two new important paradigms
shall arise in the language: parallelism via domains and direct-style concurrency via
algebraic effects and handlers. In this work, we focus precisely on the latter and try to
answer the following research question: "what tools and principles must be developed
in order to apply automated deductive proofs to OCaml programs featuring effects and
handlers?".
Algebraic effects and handlers are a powerful abstraction to build non-local control-flow
mechanisms such as resumable exceptions, lightweight threads, co-routines, generators,
and asynchronous I/O. All of such features have very evolved semantics, hence they pose
very interesting challenges to deductive verification techniques. In fact, there are very
few proposed techniques to deductively verify programs featuring these constructs, even
fewer when it comes to automated proofs. In this report, we outline some of the currently
available techniques for the verification of programs with algebraic effects. We then build
off them to create a mostly automated verification framework by extending Cameleer, a
tool which verifies OCaml code using GOSPEL and Why3. This framework embeds the
behavior of effects and handlers using exceptions and defunctionalized functions.A próxima iteração do compilador OCaml será histórica no que diz respeito ao ecosistema
da linguagem. A versão 5.0 introduzirá Multicore OCaml, uma implementação multi-
threaded do runtime OCaml. Nesta versão, dois paradigmas serão adicionados: paralelismo
utilizando domains e concorrência em estilo direto na forma de efeitos algébricos e handlers.
Neste relatório, focar-nos-emos no segundo ponto, tentado responder à seguinte questão:
"que ferramentas e princípios deveremos desenvolver de modo a applicar provas dedutivas
automáticas a programas com efeitos e handlers?".
Efeitos algébricos e handlers são uma abstrações poderosas que nos permite construir
mecanismos para controlar o curso de um programa como, por exemplo, exceções que
nos permitem recomeçar a computação, threads lightwheight, corotinas, geradores e I/O
asíncrono. Todos estes paradigmas são um grande desafio no contexto de verificação
dedutiva pois têm semanticas bastante complexas. Neste relatório iremos abordar algumas
das técnicas existentes para provar programas com efeitos algébricos. Ademais, propomos
uma estratégia de verificação para provar automáticamente programas com handlers. Para
este efeito, extendemos a ferramenta Cameleer, um verificador de código OCaml que utiliza
a linguagem de especificação GOSPEL e o prover Why3. Esta extensão visa aproximar o
comportamento de handlers utilizando exceções e funções desfuncionalizadas
Formal Verification of Industrial Software and Neural Networks
Software ist ein wichtiger Bestandteil unsere heutige Gesellschaft. Da Software vermehrt
in sicherheitskritischen Bereichen angewandt wird, müssen wir uns auf eine korrekte und
sichere Ausführung verlassen können. Besonders eingebettete Software, zum Beispiel in
medizinischen Geräten, Autos oder Flugzeugen, muss gründlich und formal geprüft werden.
Die Software solcher eingebetteten Systeme kann man in zwei Komponenten aufgeteilt.
In klassische (deterministische) Steuerungssoftware und maschinelle Lernverfahren
zum Beispiel für die Bilderkennung oder Kollisionsvermeidung angewandt werden.
Das Ziel dieser Dissertation ist es den Stand der Technik bei der Verifikation von
zwei Hauptkomponenten moderner eingebetteter Systeme zu verbessern: in C/C++
geschriebene Software und neuronalen Netze. Für beide Komponenten wird das Verifikationsproblem
formal definiert und neue Verifikationsansätze werden vorgestellt
VERDICTS: Visual Exploratory Requirements Discovery and Injection for Comprehension and Testing of Software
We introduce a methodology and research tools for visual exploratory software analysis. VERDICTS combines exploratory testing, tracing, visualization, dynamic discovery and injection of requirements specifications into a live quick-feedback cycle, without recompilation or restart of the system under test. This supports discovery and verification of software dynamic behavior, software comprehension, testing, and locating the defect origin. At its core, VERDICTS allows dynamic evolution and testing of hypotheses about requirements and behavior, by using contracts as automated component verifiers.
We introduce Semantic Mutation Testing as an approach to evaluate concordance of automated verifiers and the functional specifications they represent with respect to existing implementation. Mutation testing has promise, but also has many known issues. In our tests, both black-box and white-box variants of our Semantic Mutation Testing approach performed better than traditional mutation testing as a measure of quality of automated verifiers
Recommended from our members
Combining Static and Dynamic Analysis for Bug Detection and Program Understanding
This work proposes new combinations of static and dynamic analysis for bug detection and program understanding. There are 3 related but largely independent directions: a) In the area of dynamic invariant inference, we improve the consistency of dynamically discovered invariants by taking into account second-order constraints that encode knowledge aboutinvariants; the second-order constraints are either supplied by the programmer or vetted by the programmer (among candidate constraints suggested automatically); b) In the area of testing dataflow (esp. map-reduce) programs, our tool, SEDGE, achieves higher testing coverage by leveraging existinginput data and generalizing them using a symbolic reasoning engine (a powerful SMT solver); c) In the area of bug detection, we identify and present the concept of residual investigation: a dynamic analysis that serves as theruntime agent of a static analysis. Residual investigation identifies with higher certainty whether an error reported by the static analysis is likely true
Foundations of Software Science and Computation Structures
This open access book constitutes the proceedings of the 25th International Conference on Foundations of Software Science and Computational Structures, FOSSACS 2022, which was held during April 4-6, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 23 regular papers presented in this volume were carefully reviewed and selected from 77 submissions. They deal with research on theories and methods to support the analysis, integration, synthesis, transformation, and verification of programs and software systems
- …