35 research outputs found
LNCS
This paper presents Aligators, a tool for the generation of universally quantified array invariants. Aligators leverages recurrence solving and algebraic techniques to carry out inductive reasoning over array content. The Aligators’ loop extraction module allows treatment of multi-path loops by exploiting their commutativity and serializability properties. Our experience in applying Aligators on a collection of loops from open source software projects indicates the applicability of recurrence and algebraic solving techniques for reasoning about arrays
What's Decidable About Sequences?
We present a first-order theory of sequences with integer elements,
Presburger arithmetic, and regular constraints, which can model significant
properties of data structures such as arrays and lists. We give a decision
procedure for the quantifier-free fragment, based on an encoding into the
first-order theory of concatenation; the procedure has PSPACE complexity. The
quantifier-free fragment of the theory of sequences can express properties such
as sortedness and injectivity, as well as Boolean combinations of periodic and
arithmetic facts relating the elements of the sequence and their positions
(e.g., "for all even i's, the element at position i has value i+3 or 2i"). The
resulting expressive power is orthogonal to that of the most expressive
decidable logics for arrays. Some examples demonstrate that the fragment is
also suitable to reason about sequence-manipulating programs within the
standard framework of axiomatic semantics.Comment: Fixed a few lapses in the Mergesort exampl
Proving Safety with Trace Automata and Bounded Model Checking
Loop under-approximation is a technique that enriches C programs with
additional branches that represent the effect of a (limited) range of loop
iterations. While this technique can speed up the detection of bugs
significantly, it introduces redundant execution traces which may complicate
the verification of the program. This holds particularly true for verification
tools based on Bounded Model Checking, which incorporate simplistic heuristics
to determine whether all feasible iterations of a loop have been considered.
We present a technique that uses \emph{trace automata} to eliminate redundant
executions after performing loop acceleration. The method reduces the diameter
of the program under analysis, which is in certain cases sufficient to allow a
safety proof using Bounded Model Checking. Our transformation is precise---it
does not introduce false positives, nor does it mask any errors. We have
implemented the analysis as a source-to-source transformation, and present
experimental results showing the applicability of the technique
An extension of lazy abstraction with interpolation for programs with arrays
Lazy abstraction with interpolation-based refinement has been shown to be a powerful technique for verifying imperative programs. In presence of arrays, however, the method suffers from an intrinsic limitation, due to the fact that invariants needed for verification usually contain universally quantified variables, which are not present in program specifications. In this work we present an extension of the interpolation-based lazy abstraction framework in which arrays of unknown length can be handled in a natural manner. In particular, we exploit the Model Checking Modulo Theories framework to derive a backward reachability version of lazy abstraction that supports reasoning about arrays. The new approach has been implemented in a tool, called safari, which has been validated on a wide range of benchmarks. We show by means of experiments that our approach can synthesize and prove universally quantified properties over arrays in a completely automatic fashion
2LS: memory safety and non-termination (competition contribution)
2LS is a C program analyser built upon the CPROVER infrastructure. 2LS is bit-precise and it can verify and refute program assertions and termination. 2LS implements template-based synthesis techniques, e.g. to find invariants and ranking functions, and incremental loop unwinding techniques to find counterexamples and -induction proofs. New features in this year's version are improved handling of
heap-allocated data structures using a template domain for shape analysis and two approaches to prove program non-termination
Verification of a Rust Implementation of Knuth's Dancing Links using ACL2
Dancing Links connotes an optimization to a circular doubly-linked list data
structure implementation which provides for fast list element removal and
restoration. The Dancing Links optimization is used primarily in fast
algorithms to find exact covers, and has been popularized by Knuth in Volume 4B
of his seminal series The Art of Computer Programming. We describe an
implementation of the Dancing Links optimization in the Rust programming
language, as well as its formal verification using the ACL2 theorem prover.
Rust has garnered significant endorsement in the past few years as a modern,
memory-safe successor to C/C++ at companies such as Amazon, Google, and
Microsoft, and is being integrated into both the Linux and Windows operating
system kernels. Our interest in Rust stems from its potential as a
hardware/software co-assurance language, with application to critical systems.
We have crafted a Rust subset, inspired by Russinoff's Restricted Algorithmic C
(RAC), which we have imaginatively named Restricted Algorithmic Rust, or RAR.
In previous work, we described our initial implementation of a RAR toolchain,
wherein we simply transpile the RAR source into RAC. By so doing, we leverage a
number of existing hardware/software co-assurance tools with a minimum
investment of time and effort. In this paper, we describe the RAR Rust subset,
describe our improved prototype RAR toolchain, and detail the design and
verification of a circular doubly-linked list data structure employing the
Dancing Links optimization in RAR, with full proofs of functional correctness
accomplished using the ACL2 theorem prover.Comment: In Proceedings ACL2-2023, arXiv:2311.08373. arXiv admin note:
substantial text overlap with arXiv:2205.1170
Program verification in SPARK and ACSL : a comparative case study
We present a case-study of developing a simple software module using contracts, and rigorously verifying it for safety and functional correctness using two very different programming languages, that share the fact that both are extensively used in safety-critical development: SPARK and C/ACSL. This case-study, together with other investigations not detailed here, allows us to establish a comparison in terms of specification effort and degree of automation obtained with each toolset.Fundação para a Ciência e a Tecnologia (FCT
Biabduction (and related problems) in array separation logic
We investigate array separation logic (\mathsf {ASL}), a variant of symbolic-heap separation logic in which the data structures are either pointers or arrays, i.e., contiguous blocks of memory. This logic provides a language for compositional memory safety proofs of array programs. We focus on the biabduction problem for this logic, which has been established as the key to automatic specification inference at the industrial scale. We present an \mathsf {NP} decision procedure for biabduction in \mathsf {ASL}, and we also show that the problem of finding a consistent solution is \mathsf {NP}-hard. Along the way, we study satisfiability and entailment in \mathsf {ASL}, giving decision procedures and complexity bounds for both problems. We show satisfiability to be \mathsf {NP}-complete, and entailment to be decidable with high complexity. The surprising fact that biabduction is simpler than entailment is due to the fact that, as we show, the element of choice over biabduction solutions enables us to dramatically reduce the search space