42,550 research outputs found
Verifying Relational Properties using Trace Logic
We present a logical framework for the verification of relational properties
in imperative programs. Our work is motivated by relational properties which
come from security applications and often require reasoning about formulas with
quantifier-alternations. Our framework reduces verification of relational
properties of imperative programs to a validity problem into trace logic, an
expressive instance of first-order predicate logic. Trace logic draws its
expressiveness from its syntax, which allows expressing properties over
computation traces. Its axiomatization supports fine-grained reasoning about
intermediate steps in program execution, notably loop iterations. We present an
algorithm to encode the semantics of programs as well as their relational
properties in trace logic, and then show how first-order theorem proving can be
used to reason about the resulting trace logic formulas. Our work is
implemented in the tool Rapid and evaluated with examples coming from the
security field
Reasoning about Partial Correctness Assertions in Isabelle/HOL
Hoare Logic has a long tradition in formal verification and has been continuously developed and used to verify a broad class of programs, including sequential, object-oriented and concurrent programs. The purpose of this work is to provide a detailed and accessible exposition of the several ways the user can conduct, explore and write proofs of correctness of sequential imperative programs with Hoare logic and the ISABELLE proof assistant. With the proof language Isar, it is possible to write structured, readable proofs that are suitable for human understanding and communication
Amortised resource analysis with separation logic
Type-based amortised resource analysis following Hofmann and Jostāwhere resources are associated with individual elements of data structures and doled out to the programmer under a linear typing disciplineāhave been successful in providing concrete resource bounds for functional programs, with good support for inference. In this work we translate the idea of amortised resource analysis to imperative languages by embedding a logic of resources, based on Bunched Implications, within Separation Logic. The Separation Logic component allows us to assert the presence and shape of mutable data structures on the heap, while the resource component allows us to state the resources associated with each member of the structure. We present the logic on a small imperative language with procedures and mutable heap, based on Java bytecode. We have formalised the logic within the Coq proof assistant and extracted a certified verification condition generator. We demonstrate the logic on some examples, including proving termination of in-place list reversal on lists with cyclic tails
On Role Logic
We present role logic, a notation for describing properties of relational
structures in shape analysis, databases, and knowledge bases. We construct role
logic using the ideas of de Bruijn's notation for lambda calculus, an encoding
of first-order logic in lambda calculus, and a simple rule for implicit
arguments of unary and binary predicates. The unrestricted version of role
logic has the expressive power of first-order logic with transitive closure.
Using a syntactic restriction on role logic formulas, we identify a natural
fragment RL^2 of role logic. We show that the RL^2 fragment has the same
expressive power as two-variable logic with counting C^2 and is therefore
decidable. We present a translation of an imperative language into the
decidable fragment RL^2, which allows compositional verification of programs
that manipulate relational structures. In addition, we show how RL^2 encodes
boolean shape analysis constraints and an expressive description logic.Comment: 20 pages. Our later SAS 2004 result builds on this wor
Verification of Imperative Programs by Constraint Logic Program Transformation
We present a method for verifying partial correctness properties of
imperative programs that manipulate integers and arrays by using techniques
based on the transformation of constraint logic programs (CLP). We use CLP as a
metalanguage for representing imperative programs, their executions, and their
properties. First, we encode the correctness of an imperative program, say
prog, as the negation of a predicate 'incorrect' defined by a CLP program T. By
construction, 'incorrect' holds in the least model of T if and only if the
execution of prog from an initial configuration eventually halts in an error
configuration. Then, we apply to program T a sequence of transformations that
preserve its least model semantics. These transformations are based on
well-known transformation rules, such as unfolding and folding, guided by
suitable transformation strategies, such as specialization and generalization.
The objective of the transformations is to derive a new CLP program TransfT
where the predicate 'incorrect' is defined either by (i) the fact 'incorrect.'
(and in this case prog is not correct), or by (ii) the empty set of clauses
(and in this case prog is correct). In the case where we derive a CLP program
such that neither (i) nor (ii) holds, we iterate the transformation. Since the
problem is undecidable, this process may not terminate. We show through
examples that our method can be applied in a rather systematic way, and is
amenable to automation by transferring to the field of program verification
many techniques developed in the field of program transformation.Comment: In Proceedings Festschrift for Dave Schmidt, arXiv:1309.455
Stratified least fixpoint logic
Stratified least fixpoint logic or SLFP characterizes the expressibility of stratified logic programs and in a different formulation has been used as a logic of imperative programs. These two formulations of SLFP are proved to be equivalent and a complete sequent calculus for SLFP is presented. It is argued that SLFP is the most appropriate assertion language for program verification. In particular, it is shown that traditional approaches using first-order logic as an assertion language only restrict to interpretations where first-order logic has the same expressibility as SLFP
On the Complexity of Verifying Timed Golog Programs over Description Logic Actions: Extended Version
Golog programs allow to model complex behaviour of agents by combining primitive actions defined in a Situation Calculus theory using imperative and non-deterministic programming language constructs. In general, verifying temporal properties of Golog programs is undecidable. One way to establish decidability is to restrict the logic used by the program to a Description Logic (DL), for which recently some complexity upper bounds for verification problem have been established. However, so far it was open whether these results are tight, and lightweight DLs such as EL have not been studied at all. Furthermore, these results only apply to a setting where actions do not consume time, and the properties to be verified only refer to the timeline in a qualitative way. In a lot of applications, this is an unrealistic assumption. In this work, we study the verification problem for timed Golog programs, in which actions can be assigned differing durations, and temporal properties are specified in a metric branching time logic. This allows to annotate temporal properties with time intervals over which they are evaluated, to specify for example that some property should hold for at least n time units, or should become specified within some specified time window. We establish tight complexity bounds of the verification problem for both expressive and lightweight DLs. Our lower bounds already apply to a very limited fragment of the verification problem, and close open complexity bounds for the non-metrical cases studied before
- ā¦