
    Automating Deductive Verification for Weak-Memory Programs

    Writing correct programs for weak memory models such as the C11 memory model is challenging because of the weak consistency guarantees these models provide. The first program logics for the verification of such programs have recently been proposed, but their usage has been limited thus far to manual proofs. Automating proofs in these logics via first-order solvers is non-trivial, due to reasoning features such as higher-order assertions, modalities and rich permission resources. In this paper, we provide the first implementation of a weak memory program logic using existing deductive verification tools. We tackle three recent program logics: Relaxed Separation Logic and two forms of Fenced Separation Logic, and show how these can be encoded using the Viper verification infrastructure. In doing so, we illustrate several novel encoding techniques which could be employed for other logics. Our work is implemented, and has been evaluated on examples from existing papers as well as the Facebook open-source Folly library.
    Comment: Extended version of TACAS 2018 publication.

    12th International Workshop on Termination (WST 2012) : WST 2012, February 19–23, 2012, Obergurgl, Austria / ed. by Georg Moser

    This volume contains the proceedings of the 12th International Workshop on Termination (WST 2012), to be held February 19–23, 2012 in Obergurgl, Austria. The goal of the Workshop on Termination is to be a venue for presentation and discussion of all topics in and around termination. In this way, the workshop tries to bridge the gaps between different communities interested and active in research in and around termination. The 12th International Workshop on Termination in Obergurgl continues the successful workshops held in St. Andrews (1993), La Bresse (1995), Ede (1997), Dagstuhl (1999), Utrecht (2001), Valencia (2003), Aachen (2004), Seattle (2006), Paris (2007), Leipzig (2009), and Edinburgh (2010). The 12th International Workshop on Termination welcomed contributions on all aspects of termination and complexity analysis. Contributions from the imperative, constraint, functional, and logic programming communities, and papers investigating applications of complexity or termination (for example in program transformation or theorem proving) were particularly welcome. We received 18 submissions, all of which were accepted. Each paper was assigned two reviewers. In addition to these 18 contributed talks, WST 2012 hosts three invited talks by Alexander Krauss, Martin Hofmann, and Fausto Spoto.

    CZF does not have the Existence Property

    Constructive theories usually have interesting metamathematical properties where explicit witnesses can be extracted from proofs of existential sentences. For relational theories, probably the most natural of these is the existence property, EP, sometimes referred to as the set existence property. This states that whenever $(\exists x)\phi(x)$ is provable, there is a formula $\chi(x)$ such that $(\exists ! x)\phi(x) \wedge \chi(x)$ is provable. It has been known since the 1980s that EP holds for some intuitionistic set theories and yet fails for IZF. Despite this, it has remained open until now whether EP holds for the most well known constructive set theory, CZF. In this paper we show that EP fails for CZF.

    A Verified Information-Flow Architecture

    SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and flexible propagation and combination of tags as instructions are executed. The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. We present a formal, machine-checked model of the key hardware and software mechanisms used to dynamically control information flow in SAFE and an end-to-end proof of noninterference for this model. We use a refinement proof methodology to propagate the noninterference property of the abstract machine down to the concrete machine level. We use an intermediate layer in the refinement chain that factors out the details of the information-flow control policy and devise a code generator for compiling such information-flow policies into low-level monitor code. Finally, we verify the correctness of this generator using a dedicated Hoare logic that abstracts from low-level machine instructions into a reusable set of verified structured code generators.

    An Improved Interface for Interactive Proofs in Separation Logic

    Ever since software has been developed, the question has arisen whether it is correct, i.e. whether it does what it is supposed to do. Given a formal specification of the requirements, one task of software verification is therefore to prove whether an implementation satisfies this specification. This task can be hard to solve when the programming language used allows commands with global effects, so that they can influence other commands in independent parts of the program, for example through shared heap memory. Separation logic solves this problem by extending assertions with a separating operator, which makes it possible to regard parts of a program as independent of the rest of the program. Interactive theorem provers are one kind of tool that supports proofs for software verification. However, separation logic proofs in interactive theorem provers, especially those with a non-linear type system, require a lot of manual effort to manage the required data structures. This can be avoided by providing the user with an interface that enables proofs at the usual, higher level of abstraction. This thesis describes a new interface for separation logic proofs in the interactive theorem prover Lean 4, based on the Iris project, and the improvements made to this interface.