136 research outputs found
Why Just Boogie? Translating Between Intermediate Verification Languages
The verification systems Boogie and Why3 use their respective intermediate
languages to generate verification conditions from high-level programs. Since
the two systems support different back-end provers (such as Z3 and Alt-Ergo)
and are used to encode different high-level languages (such as C# and Java),
being able to translate between their intermediate languages would provide a
way to reuse one system's features to verify programs meant for the other. This
paper describes a translation of Boogie into WhyML (Why3's intermediate
language) that preserves semantics, verifiability, and program structure to a
large degree. We implemented the translation as a tool and applied it to 194
Boogie-verified programs of various sources and sizes; Why3 verified 83% of the
translated programs with the same outcome as Boogie. These results indicate
that the translation is often effective and practically applicable
Building an IDE for the Calculational Derivation of Imperative Programs
In this paper, we describe an IDE called CAPS (Calculational Assistant for
Programming from Specifications) for the interactive, calculational derivation
of imperative programs. In building CAPS, our aim has been to make the IDE
accessible to non-experts while retaining the overall flavor of the
pen-and-paper calculational style. We discuss the overall architecture of the
CAPS system, the main features of the IDE, the GUI design, and the trade-offs
involved.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
Checking Zenon Modulo Proofs in Dedukti
Dedukti has been proposed as a universal proof checker. It is a logical
framework based on the lambda Pi calculus modulo that is used as a backend to
verify proofs coming from theorem provers, especially those implementing some
form of rewriting. We present a shallow embedding into Dedukti of proofs
produced by Zenon Modulo, an extension of the tableau-based first-order theorem
prover Zenon to deduction modulo and typing. Zenon Modulo is applied to the
verification of programs in both academic and industrial projects. The purpose
of our embedding is to increase the confidence in automatically generated
proofs by separating untrusted proof search from trusted proof verification.Comment: In Proceedings PxTP 2015, arXiv:1507.0837
Readable semi-automatic formal proofs of Depth-First Search in graphs using Why3
Quite often formal proofs are not published in conferences or journal articles, because formal proofs are usually too long. A typical article states the ability of having implemented a formal proof, but the proof itself is often sketched in terms of a natural language. At best, some formal lemmas and definitions are stated. Can we do better ? We try here to publish the details of a formal proof of the white-paths theorem about depth-first search in graphs. We use Why3 as the proving platform, because Why3 uses first-order logic augmented with inductive definitions of predicates and because Why3 makes possible to delegate bits of proofs to on-the-shelf automatic provers at same time as Why3 provides interfaces with interactive proof checkers such that Coq, PVS or Isabelle. Algorithms on graphs are also a good testbed since graphs are combinatorial structures whose algebraic properties are not fully obvious. Depth-first search may look over-simple, but it is the first step of the construction of a library of readable formal proofs for more complex algorithms on graphs with more realistic data structures
Predicting SMT solver performance for software verification
The approach Why3 takes to interfacing with a wide variety of interactive
and automatic theorem provers works well: it is designed to overcome
limitations on what can be proved by a system which relies on a single
tightly-integrated solver. In common with other systems, however, the degree
to which proof obligations (or “goals”) are proved depends as much on
the SMT solver as the properties of the goal itself. In this work, we present a
method to use syntactic analysis to characterise goals and predict the most
appropriate solver via machine-learning techniques.
Combining solvers in this way - a portfolio-solving approach - maximises
the number of goals which can be proved. The driver-based architecture of
Why3 presents a unique opportunity to use a portfolio of SMT solvers for
software verification. The intelligent scheduling of solvers minimises the
time it takes to prove these goals by avoiding solvers which return Timeout
and Unknown responses. We assess the suitability of a number of machinelearning
algorithms for this scheduling task.
The performance of our tool Where4 is evaluated on a dataset of proof
obligations. We compare Where4 to a range of SMT solvers and theoretical
scheduling strategies. We find that Where4 can out-perform individual
solvers by proving a greater number of goals in a shorter average time.
Furthermore, Where4 can integrate into a Why3 user’s normal workflow -
simplifying and automating the non-expert use of SMT solvers for software
verification
- …