12 research outputs found
Lightweight Support for Magic Wands in an Automatic Verifier (Artifact)
This artifact is based on Silicon, which is an automatic verification tool for programs written in the Silver Intermediate Verification Language. Silver is designed to natively support permission-based reasoning, in the style of separation logic and similar approaches. Our extension of Silicon provides support for specification and verification of programs using the magic wand operator, which can be used to represent ways to exchange views on the program state, or to represent partial versions of data structures. Our implementation is a backwards-compatible extension of the basic tool, and is provided along with a test suite of examples and regressions in a VirtualBox image. Instructions for running our tool on these (and user-defined) examples are provided in the image, to allow users to experiment with the verifier
Sound Automation of Magic Wands (extended version)
The magic wand (also called separating implication) is a
separation logic connective commonly used to specify properties of partial data
structures, for instance during iterative traversals. A footprint of a magic
wand formula is a state that, combined with any state in
which holds, yields a state in which holds. The key challenge of
proving a magic wand (also called packaging a wand) is to find such a
footprint. Existing package algorithms either have a high annotation overhead
or, as we show in this paper, are unsound. We present a formal framework that
precisely characterises a wide design space of possible package algorithms
applicable to a large class of separation logics. We prove in Isabelle/HOL that
our formal framework is sound and complete, and use it to develop a novel
package algorithm that offers competitive automation and is sound. Moreover, we
present a novel, restricted definition of wands and prove in Isabelle/HOL that
it is possible to soundly combine fractions of such wands, which is not the
case for arbitrary wands. We have implemented our techniques for the Viper
language, and demonstrate that they are effective in practice.Comment: Extended version of CAV 2022 publicatio
Verification-Preserving Inlining in Automatic Separation Logic Verifiers (extended version)
Bounded verification has proved useful to detect bugs and to increase
confidence in the correctness of a program. In contrast to unbounded
verification, reasoning about calls via (bounded) inlining and about loops via
(bounded) unrolling does not require method specifications and loop invariants
and, therefore, reduces the annotation overhead to the bare minimum, namely
specifications of the properties to be verified. For verifiers based on
traditional program logics, verification is preserved by inlining (and
unrolling): successful unbounded verification of a program w.r.t. some
annotation implies successful verification of the inlined program. That is, any
error detected in the inlined program reveals a true error in the original
program. However, this essential property might not hold for automatic
separation logic verifiers such as Caper, GRASShopper, RefinedC, Steel,
VeriFast, and verifiers based on Viper. In this setting, inlining generally
changes the resources owned by method executions, which may affect automatic
proof search algorithms and introduce spurious errors.
In this paper, we present the first technique for verification-preserving
inlining in automatic separation logic verifiers. We identify a semantic
condition on programs and prove in Isabelle/HOL that it ensures
verification-preserving inlining for state-of-the-art automatic separation
logic verifiers. We also prove a dual result: successful verification of the
inlined program ensures that there are method and loop annotations that enable
the verification of the original program for bounded executions. To check our
semantic condition automatically, we present two approximations that can be
checked syntactically and with a program verifier, respectively. We implement
these checks in Viper and demonstrate that they are effective for non-trivial
examples from different verifiers
Computer Aided Verification
This open access two-volume set LNCS 13371 and 13372 constitutes the refereed proceedings of the 34rd International Conference on Computer Aided Verification, CAV 2022, which was held in Haifa, Israel, in August 2022. The 40 full papers presented together with 9 tool papers and 2 case studies were carefully reviewed and selected from 209 submissions. The papers were organized in the following topical sections: Part I: Invited papers; formal methods for probabilistic programs; formal methods for neural networks; software Verification and model checking; hyperproperties and security; formal methods for hardware, cyber-physical, and hybrid systems. Part II: Probabilistic techniques; automata and logic; deductive verification and decision procedures; machine learning; synthesis and concurrency. This is an open access book
Automated and foundational verification of low-level programs
Formal verification is a promising technique to ensure the reliability of low-level programs like operating systems and hypervisors, since it can show the absence of whole classes of bugs and prevent critical vulnerabilities. However, to realize the full potential of formal verification for real-world low-level programs one has to overcome several challenges, including: (1) dealing with the complexities of realistic models of real-world programming languages; (2) ensuring the trustworthiness of the verification, ideally by providing foundational proofs (i.e., proofs that can be checked by a general-purpose proof assistant); and (3) minimizing the manual effort required for verification by providing a high degree of automation. This dissertation presents multiple projects that advance formal verification along these three axes: RefinedC provides the first approach for verifying C code that combines foundational proofs with a high degree of automation via a novel refinement and ownership type system. Islaris shows how to scale verification of assembly code to realistic models of modern instruction set architectures-in particular, Armv8-A and RISC-V. DimSum develops a decentralized approach for reasoning about programs that consist of components written in multiple different languages (e.g., assembly and C), as is common for low-level programs. RefinedC and Islaris rest on Lithium, a novel proof engine for separation logic that combines automation with foundational proofs.Formale Verifikation ist eine vielversprechende Technik, um die VerlĂ€sslichkeit von grundlegenden Programmen wie Betriebssystemen sicherzustellen. Um das volle Potenzial formaler Verifikation zu realisieren, mĂŒssen jedoch mehrere Herausforderungen gemeistert werden: Erstens muss die KomplexitĂ€t von realistischen Modellen von Programmiersprachen wie C oder Assembler gehandhabt werden. Zweitens muss die VertrauenswĂŒrdigkeit der Verifikation sichergestellt werden, idealerweise durch maschinenĂŒberprĂŒfbare Beweise. Drittens muss die Verifikation automatisiert werden, um den manuellen Aufwand zu minimieren. Diese Dissertation prĂ€sentiert mehrere Projekte, die formale Verifikation entlang dieser Achsen weiterentwickeln: RefinedC ist der erste Ansatz fĂŒr die Verifikation von C Code, der maschinenĂŒberprĂŒfbare Beweise mit einem hohen Grad an Automatisierung vereint. Islaris zeigt, wie die Verifikation von Assembler zu realistischen Modellen von modernen Befehlssatzarchitekturen wie Armv8-A oder RISC-V skaliert werden kann. DimSum entwickelt einen neuen Ansatz fĂŒr die Verifizierung von Programmen, die aus Komponenten in mehreren Programmiersprachen bestehen (z.B., C und Assembler), wie es oft bei grundlegenden Programmen wie Betriebssystemen der Fall ist. RefinedC und Islaris basieren auf Lithium, eine neue Automatisierungstechnik fĂŒr Separationslogik, die maschinenĂŒberprĂŒfbare Beweise und Automatisierung verbindet.This research was supported in part by a Google PhD Fellowship, in part by awards from Android Security's ASPIRE program and from Google Research, and in part by a European Research Council (ERC) Consolidator Grant for the project "RustBelt", funded under the European Unionâs Horizon 2020 Framework Programme (grant agreement no. 683289)
Computer Aided Verification
This open access two-volume set LNCS 13371 and 13372 constitutes the refereed proceedings of the 34rd International Conference on Computer Aided Verification, CAV 2022, which was held in Haifa, Israel, in August 2022. The 40 full papers presented together with 9 tool papers and 2 case studies were carefully reviewed and selected from 209 submissions. The papers were organized in the following topical sections: Part I: Invited papers; formal methods for probabilistic programs; formal methods for neural networks; software Verification and model checking; hyperproperties and security; formal methods for hardware, cyber-physical, and hybrid systems. Part II: Probabilistic techniques; automata and logic; deductive verification and decision procedures; machine learning; synthesis and concurrency. This is an open access book
Programming Languages and Systems
This open access book constitutes the proceedings of the 31st European Symposium on Programming, ESOP 2022, which was held during April 5-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 21 regular papers presented in this volume were carefully reviewed and selected from 64 submissions. They deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems
Computer Aided Verification
The open access two-volume set LNCS 12224 and 12225 constitutes the refereed proceedings of the 32st International Conference on Computer Aided Verification, CAV 2020, held in Los Angeles, CA, USA, in July 2020.* The 43 full papers presented together with 18 tool papers and 4 case studies, were carefully reviewed and selected from 240 submissions. The papers were organized in the following topical sections: Part I: AI verification; blockchain and Security; Concurrency; hardware verification and decision procedures; and hybrid and dynamic systems. Part II: model checking; software verification; stochastic systems; and synthesis. *The conference was held virtually due to the COVID-19 pandemic
Understanding and evolving the Rust programming language
Rust is a young systems programming language that aims to fill the gap between high-level languagesâwhich provide strong static guarantees like memory and thread safetyâand low-level languagesâwhich give the programmer fine-grained control over data layout and memory management. This dissertation presents two projects establishing the first formal foundations for Rust, enabling us to better understand and evolve this important language: RustBelt and Stacked Borrows. RustBelt is a formal model of Rustâs type system, together with a soundness proof establishing memory and thread safety. The model is designed to verify the safety of a number of intricate APIs from the Rust standard library, despite the fact that the implementations of these APIs use unsafe language features. Stacked Borrows is a proposed extension of the Rust specification, which enables the compiler to use the strong aliasing information in Rustâs types to better analyze and optimize the code it is compiling. The adequacy of this specification is evaluated not only formally, but also by running real Rust code in an instrumented version of Rustâs Miri interpreter that implements the Stacked Borrows semantics. RustBelt is built on top of Iris, a language-agnostic framework, implemented in the Coq proof assistant, for building higher-order concurrent separation logics. This dissertation begins by giving an introduction to Iris, and explaining how Iris enables the derivation of complex high-level reasoning principles from a few simple ingredients. In RustBelt, this technique is exploited crucially to introduce the lifetime logic, which provides a novel separation-logic account of borrowing, a key distinguishing feature of the Rust type system.Rust ist eine junge systemnahe Programmiersprache, die es sich zum Ziel gesetzt hat, die LĂŒcke zu schlieĂen zwischen Sprachen mit hohem Abstraktionsniveau, die vor Speicher- und NebenlĂ€ufigkeitsfehlern schĂŒtzen, und Sprachen mit niedrigem Abstraktionsniveau, welche dem Programmierer detaillierte Kontrolle ĂŒber die ReprĂ€sentation von Daten und die Verwaltung des Speichers ermöglichen. Diese Dissertation stellt zwei Projekte vor, welche die ersten formalen Grundlagen fĂŒr Rust zum Zwecke des besseren VerstĂ€ndnisses und der weiteren Entwicklung dieser wichtigen Sprache legen: RustBelt und Stacked Borrows. RustBelt ist ein formales Modell des Typsystems von Rust einschlieĂlich eines Korrektheitsbeweises, welcher die Sicherheit von Speicherzugriffen und NebenlĂ€ufigkeit zeigt. Das Modell ist darauf ausgerichtet, einige komplexe Komponenten der Standardbibliothek von Rust zu verifizieren, obwohl die Implementierung dieser Komponenten unsichere Sprachkonstrukte verwendet. Stacked Borrows ist eine Erweiterung der Spezifikation von Rust, die es dem Compiler ermöglicht, den Quelltext mit Hilfe der im Typsystem kodierten Alias-Informationen besser zu analysieren und zu optimieren. Die Tauglichkeit dieser Spezifikation wird nicht nur formal belegt, sondern auch an echten Programmen getestet, und zwar mit Hilfe einer um Stacked Borrows erweiterten Version des Interpreters Miri. RustBelt basiert auf Iris, welches die Konstruktion von Separationslogiken fĂŒr beliebige Programmiersprachen im Beweisassistenten Coq ermöglicht. Diese Dissertation beginnt mit einer EinfĂŒhrung in Iris und erklĂ€rt, wie komplexe Beweismethoden mit Hilfe weniger einfacher Bausteine hergeleitet werden können. In RustBelt wird diese Technik fĂŒr die Umsetzung der âLebenszeitlogikâ verwendet, einer Erweiterung der Separationslogik mit dem Konzept von âLeihgabenâ (borrows), welche eine wichtige Rolle im Typsystem von Rust spielen.This research was supported in part by a European Research Council (ERC) Consolidator Grant for the project "RustBelt", funded under the European Unionâs Horizon 2020 Framework Programme (grant agreement no. 683289)
Programming Languages and Systems
This open access book constitutes the proceedings of the 31st European Symposium on Programming, ESOP 2022, which was held during April 5-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 21 regular papers presented in this volume were carefully reviewed and selected from 64 submissions. They deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems