42 research outputs found
Formal Specification and Verification of Hyperledger Fabric Chaincode
Smart contracts are programs building on blockchain technology.
They implement functionality that has been agreed on between
the concerned parties on a network. However, their immutability
and exposed position make them vulnerable to programming errors,
leading to faulty behavior and possible exploits. Therefore,
smart contracts demand a particularly thorough analysis,
ideally using formal program verification. In this paper, we
present an approach for the deductive verification of
Hyperledger Fabric smart contracts using the KeY prover.
We have extended KeY to handle Fabric ledger implementations;
in particular, we have developed mechanisms for reasoning about
serialization and object persistence. The feasibility of our
approach is demonstrated with a small case study
Combining rule- and SMT-based reasoning for verifying floating-point Java programs in KeY
Deductive verification has been successful in verifying interesting properties of real-world programs. One notable gap is the limited support for floating-point reasoning. This is unfortunate, as floating-point arithmetic is particularly unintuitive to reason about due to rounding as well as the presence of the special values infinity and âNot a Numberâ (NaN). In this article, we present the first floating-point support in a deductive verification tool for the Java programming language. Our support in the KeY verifier handles floating-point arithmetics, transcendental functions, and potentially rounding-type casts. We achieve this with a combination of delegation to external SMT solvers on the one hand, and KeY-internal, rule-based reasoning on the other hand, exploiting the complementary strengths of both worlds. We evaluate this integration on new benchmarks and show that this approach is powerful enough to prove the absence of floating-point special valuesâoften a prerequisite for correct programsâas well as functional properties, for realistic benchmarks
Verification of Red-Black Trees in KeY - A Case Study in Deductive Java Verification
WĂ€hrend das ausfĂŒhrliche Testen von Software das Auftreten von Fehlern unwahrscheinlicher macht, kann mit formaler Verifikation durch Beweise garantiert werden, dass sich ein Programm fĂŒr sĂ€mtliche Eingaben korrekt verhĂ€lt. Besonders fĂŒr tausendfach verwendete Grundelemente wie die Datenstrukturen und Algorithmen einer Standardbibliothek ist eine formale Verifikation daher erstrebenswert.
In dieser Fallstudie spezifizieren und verifizieren wir eine Java-Implementierung von Rot-Schwarz-BĂ€umen mit KeY. KeY ist ein Tool zur formalen Verifikation von Java-Programmen, und verwendet dabei Dynamic Frames fĂŒr Aussagen ĂŒber Speicherbereiche, also das Framing. Rot-Schwarz-BĂ€ume sind eine beliebte Datenstruktur fĂŒr das effiziente Speichern und Auslesen von Elementen und sind zum Beispiel in der Klasse java.util.TreeMap der Java Class Library umgesetzt. In beiden Bereichen existieren verschiedenste Fallstudien â die in KeY betrachten jedoch kaum Baumstrukturen und existierende Rot-Schwarz-Baum-Verifizierungen gehen auf andere Weise als KeY mit Framing um.
In dieser Arbeit kommen wir zu dem Schluss, dass die Verifikation von Baumstrukturen mit Dynamic Frames möglich ist, jedoch im Vergleich zu anderen AnsĂ€tzen viel zusĂ€tzlichen Aufwand mit sich bringt. DarĂŒber hinaus erkunden wir generelle StĂ€rken und SchwĂ€chen von KeY und machen einige VorschlĂ€ge zur Verbesserung der Benutzbarkeit. AuĂerdem testen wir mit JML Scripts und Proof Caching neue Methoden zur Beweis-Automatisierung und -Persistierung
Takeuti\u27s First-Order Theory of Ordinals Revisited
These notes contain technical details that could not be fitted into the paper submitted to IJCAR 2018. The conference submission analyses the relationship between Takeutiâs theory of ordinals published in [6] and my theory in the paper [5]
Advancing Deductive Program-Level Verification for Real-World Application: Lessons Learned from an Industrial Case Study
This thesis is concerned with practicability of deductive program verification on source code level. As part of a case study for the verification of real-world software, the specification and verification approach to show correctness of the virtualizing kernel PikeOS is presented. Issues within the verification process using current tools and methodologies are discussed and several aspects of these problems are then addressed in detail to improve the verification process and tool usability
Reconstructing Z3 Proofs With KeY
KeY dient zur formalen Verifikation spezifizierter Eigenschaften von Java-Programmen.DafĂŒr werden aus der formalen Spezifikation sowie dem Programm-Code Beweisverpflichtungen generiert. Diese werden dann Schritt fĂŒr Schritt in eine Menge von Formeln der PrĂ€dikatenlogik erster Stufe ĂŒberfĂŒhrt. Da diese allerdings unentscheidbar ist, ist es eine groĂe Herausforderung, einen Beweis fĂŒr diese Formelmenge zu finden.
Moderne SMT-Solver, wie zum Beispiel Z3, sind genau auf diesen Anwendungszweck hin optimiert. Daher ist schon lange in KeY die Möglichkeit eingebaut, (Teil-)Probleme fĂŒr SMT-Solver zu ĂŒbersetzen. Das Ergebnis bei diesem Vorgehen ist ein partieller Beweis in KeY, der von (möglicherweise mehreren) SMT-Antworten komplettiert wird. Da Z3 aber auch Beweise fĂŒr seine Antworten liefern kann, gibt es hier Verbesserungspotential: In dieser Thesis wird eine Technik zum Nachspielen der Z3 Beweise in KeY vorgestellt, sodass man als Ergebnis einen geschlossenen Beweis in KeY erhĂ€lt und die SMT-Antworten verworfen werden können. Herausforderungen sowohl systematischer als auch technischer
Natur werden identifiziert and Lösungen dafĂŒr vogestellt.
SchlieĂlich wird auch eine prototypische Implementierung der Technik zum Nachspielen der Beweise zur VerfĂŒgung gestellt. Im Evaluations-Teil der Arbeit wird die LeistungsfĂ€higkeit dieser Implementierung sowie die zukĂŒnfigen Möglichkeiten erörtert
Abstract Execution: Automatically Proving Infinitely Many Programs
Abstract programs contain schematic placeholders representing potentially infinitely many concrete programs. They naturally occur in multiple areas of computer science concerned with correctness: rule-based compilation and optimization, code refactoring and other source-to-source transformations, program synthesis, Correctness-by-Construction, and more. Mechanized correctness arguments about abstract programs are frequently conducted in interactive environments. While this permits expressing arbitrary properties quantifying over programs, substantial effort has to be invested to prove them manually by writing proof scripts. Existing approaches to proving abstract program properties automatically, on the other hand, lack expressiveness. Frequently, they only support placeholders representing all possible instantiations; in some cases, minor refinements are supported.
This thesis bridges that gap by presenting Abstract Execution (AE), an automatic reasoning technique for universal behavioral properties of abstract programs. The restriction to universal (no existential quantification) and behavioral (not addressing internal structure) properties excludes certain applications; however, it is the key to automation. Our logic for Abstract Execution uses abstract state changes to represent unknown effects on local variables and the heap, and models abrupt completion by symbolic branching. In this logic, schematic placeholders have names: It is possible to re-use them at several places, representing the same program elements in potentially different contexts. Furthermore, the represented concrete programs can be constrained by an expressive specification language, which is a unique feature of AE. We use the theory of dynamic frames to scale between full abstraction and total precision of frame specifications, and support fine-grained pre- and postconditions for (abrupt) completion.
We implemented AE by extending the program verifier KeY. Specifically for relational verification of abstract Java programs, we developed REFINITY, a graphical KeY frontend. We used REFINITY it in our signature application of AE: to model well-known statement-level refactoring techniques and prove their conditional safety. Several yet undocumented behavioral preconditions for safe refactorings originated in this case study, which is one of very few attempts to statically prove behavioral correctness of statement-level refactorings, and the only one to cover them to that extent.
AE extends Symbolic Execution (SE) for abstract programs. As a foundational contribution, we propose a general framework for SE based on the semantics of symbolic states. It natively integrates state merging by supporting m-to-n transitions. We define two orthogonal correctness notions, exhaustiveness and precision, and formally prove their relation to program proving and bug detection.
Finally, we introduce Modal Trace Logic (MTL), a trace-based logic to represent a variety of different program verification tasks, especially for relational verification. It is a âplug-inâ logic which can be integrated on-demand with formal languages that have a trace semantics. The core of MTL is the trace modality, which allows expressing that a specification approximates an implementation after a trace abstraction step. We demonstrate the versatility of this approach by formalizing concrete verification tasks in MTL, ranging from functional verification over program synthesis to program evolution. To reason about MTL problems, we translate them to symbolic traces. We suggest Symbolic Trace Logic (STL), which comes with a sequent calculus to prove symbolic trace inclusions. This requires checking symbolic states for subsumption; to that end, we provide two generally useful notions of symbolic state subsumption. This framework relates as follows to the other parts of this thesis: We use the language of abstract programs to express synthesis and compilation, which connects MTL to AE. Moreover, symbolic states of STL are based on our framework for SE