Verification of C++ Programs with VeriFast

VeriFast is a prototype tool based on separation logic for modular verification of C and Java programs. We are in the process of adding support for C++. In this report, we describe the features of C++ for which we added support so far, as well as the proof obligations we generate for these features. At this point, VeriFast has basic support for most object-oriented programming features of C++: member functions, member function and operator overloading, implicit and explicit conversions, constructors and initializer lists, destructors, reference types, allocation and deallocation on the stack or on the heap (using new and delete), inheritance (including multiple inheritance but not virtual base classes), and virtual member functions and overriding. To support specification of inheritance hierarchies, we added support for instance predicates, which can be introduced in a base class and overridden in derived classes. The main missing feature at this point is support for C++ templates, which we plan to work on next.Comment: 20 page

Permission-Based Separation Logic for Multithreaded Java Programs

This paper presents a program logic for reasoning about multithreaded Java-like programs with dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits. In order to distinguish between initial monitor entrancies and monitor reentrancies, auxiliary variables keep track of multisets of currently held monitors. Data abstraction and behavioral subtyping are facilitated through abstract predicates, which are also used to represent monitor invariants, preconditions for thread starting and postconditions for thread joining. Value-parametrized types allow to conveniently capture common strong global invariants, like static object ownership relations. The program logic is presented for a model language with Java-like classes and interfaces, the soundness of the program logic is proven, and a number of illustrative examples are presented