537 research outputs found
Moving from Specifications to Contracts in Component-Based Design
Abstract. Program properties that are automatically inferred by static analysis tools are generally not considered to be completely trustworthy, unless the tool implementation or the results are formally verified. Here we focus on the formal verification of resource guarantees inferred by automatic cost analysis. Resource guarantees ensure that programs run within the indicated amount of resources which may refer to memory consumption, to number of instructions executed, etc. In previous work we studied formal verification of inferred resource guarantees that depend only on integer data. In realistic programs, however, resource consumption is often bounded by the size of heap-allocated data structures. Bounding their size requires to perform a number of structural heap analyses. The contributions of this paper are (i) to identify what exactly needs to be verified to guarantee sound analysis of heap manipulating programs, (ii) to provide a suitable extension of the program logic used for verification to handle structural heap properties in the context of resource guarantees, and (iii) to improve the underlying theorem prover so that proof obligations can be automatically discharged.
On Verifying Resource Contracts using Code Contracts
In this paper we present an approach to check resource consumption contracts
using an off-the-shelf static analyzer.
We propose a set of annotations to support resource usage specifications, in
particular, dynamic memory consumption constraints. Since dynamic memory may be
recycled by a memory manager, the consumption of this resource is not monotone.
The specification language can express both memory consumption and lifetime
properties in a modular fashion.
We develop a proof-of-concept implementation by extending Code Contracts'
specification language. To verify the correctness of these annotations we rely
on the Code Contracts static verifier and a points-to analysis. We also briefly
discuss possible extensions of our approach to deal with non-linear
expressions.Comment: In Proceedings LAFM 2013, arXiv:1401.056
Resource Usage Protocols for Iterators
We discuss usage protocols for iterator objects that prevent concurrent modifications of the underlying collection while iterators are in progress. We formalize these protocols in Java-like object interfaces, enriched with separation logic contracts. We present examples of iterator clients and proofs that they adhere to the iterator protocol, as well as examples of iterator implementations and proofs that they implement the iterator interface
Modular Formal Verification of Rust Programs with Unsafe Blocks
Rust is a modern systems programming language whose type system guarantees
memory safety. For the sake of expressivity and performance it allows
programmers to relax typing rules temporarily, using unsafe code blocks.
However, in unsafe blocks, the burden of making sure that the code does not end
up having undefined behaviour is on the programmer. Even most expert
programmers make mistakes and a memory safety bug in an unsafe block renders
all the type system guarantees void. To address this problem we are trying to
verify soundness of Rust unsafe code applying our Modular Symbolic Execution
algorithm. This text outlines our approach and the progress that has been made
so far.Comment: 22 pages, 13 listings, 3 figures, Technical report, Appendix by Bart
Jacob
Bringing Iris into the Verified Software Toolchain
The Verified Software Toolchain (VST) is a system for proving correctness of
C programs using separation logic. By connecting to the verified compiler
CompCert, it produces the strongest possible guarantees of correctness for real
C code that we can compile and run. VST included concurrency from its
inception, in the form of reasoning about lock invariants, but concurrent
separation logic (CSL) has advanced by leaps and bounds since then. In this
paper, we describe efforts to integrate advancements from Iris, a
state-of-the-art mechanized CSL, into VST. Some features of Iris (ghost state
and invariants) are re-implemented in VST from the ground up; others (Iris
Proof Mode) are imported from the Iris development; still others (proof rules
for atomic operations) are axiomatized, with the hope that they will be made
foundational in future versions. The result is a system that can prove
correctness of sophisticated concurrent programs implemented in C, with
fine-grained locking and non-blocking atomic operations, that yields varying
soundness guarantees depending on the features used.Comment: 21 pages, 4 figure
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity
We present a lightweight approach to Hoare-style specifications for
fine-grained concurrency, based on a notion of time-stamped histories that
abstractly capture atomic changes in the program state. Our key observation is
that histories form a partial commutative monoid, a structure fundamental for
representation of concurrent resources. This insight provides us with a
unifying mechanism that allows us to treat histories just like heaps in
separation logic. For example, both are subject to the same assertion logic and
inference rules (e.g., the frame rule). Moreover, the notion of ownership
transfer, which usually applies to heaps, has an equivalent in histories. It
can be used to formally represent helping---an important design pattern for
concurrent algorithms whereby one thread can execute code on behalf of another.
Specifications in terms of histories naturally abstract granularity, in the
sense that sophisticated fine-grained algorithms can be given the same
specifications as their simplified coarse-grained counterparts, making them
equally convenient for client-side reasoning. We illustrate our approach on a
number of examples and validate all of them in Coq.Comment: 17 page
- ā¦