scispace - formally typeset
Search or ask a question
Dissertation

Extending the reach and power of deductive program verification

18 Dec 2009-
TL;DR: A novel program logic for specifying correctness properties of object-oriented programs with unbounded thread-based concurrency is defined and a calculus is presented, which allows verifying actual Java programs and is based on symbolic execution resulting in its good understandability for the user.
Abstract: Software is vital for modern society. The efficient development of correct and reliable software is of ever-growing importance. An important technique to achieve this goal is deductive program verification: the construction of logical proofs that programs are correct. In this thesis, we address three important challenges for deductive verification on its way to a wider deployment in the industry: 1. verification of thread-based concurrent programs 2. correctness management of verification systems 3. change management in the verification process. These are consistently brought up by practitioners when applying otherwise mature verification systems. The three challenges correspond to the three parts of this thesis (not counting the introductory first part, providing technical background on the KeY verification approach). In the first part, we define a novel program logic for specifying correctness properties of object-oriented programs with unbounded thread-based concurrency. We also present a calculus for the above logic, which allows verifying actual Java programs. The calculus is based on symbolic execution resulting in its good understandability for the user. We describe the implementation of the calculus in the KeY verification system and present a case study. In the second part, we provide a first systematic survey and appraisal of factors involved in reliability of formal reasoning. We elucidate the potential and limitations of self-application of formal methods in this area and give recommendations based on our experience in design and operation of verification systems. In the third part, we show how the technique of similarity-based proof reuse can be applied to the problems of industrial verification life cycle. We address issues (e.g., coping with changes in the proof system) that are important in verification practice, but have been neglected by research so far.

Content maybe subject to copyright    Report

Citations
More filters
01 Dec 2004
TL;DR: JavaFAN as discussed by the authors is a Java program analysis framework that can symbolically execute multithreaded programs, detect safety violations searching through an unbounded state space, and verify finite state programs by explicit state model checking.
Abstract: JavaFAN is a Java program analysis framework, that can symbolically execute multithreaded programs, detect safety violations searching through an unbounded state space, and verify finite state programs by explicit state model checking. Both Java language and JVM bytecode analyses are possible. JavaFAN's implementation consists of only 3,000 lines of Maude code, specifying formally the semantics of Java and JVM in rewriting logic and then using the capabilities of Maude for efficient execution, search and LTL model checking of rewriting theories.

116 citations

Journal ArticleDOI
TL;DR: This paper presents an integrated development environment for Dafny-a programming language, verifier, and proof assistant-that addresses issues present in most state-of-the-art verifiers: low responsiveness and lack of support for understanding non-obvious verification failures.
Abstract: In recent years, program verifiers and interactive theorem provers have become more powerful and more suitable for verifying large programs or proofs. This has demonstrated the need for improving the user experience of these tools to increase productivity and to make them more accessible to non-experts. This paper presents an integrated development environment for Dafny-a programming language, verifier, and proof assistant-that addresses issues present in most state-of-the-art verifiers: low responsiveness and lack of support for understanding non-obvious verification failures. The paper demonstrates several new features that move the state-of-the-art closer towards a verification environment that can provide verification feedback as the user types and can present more helpful information about the program or failed verifications in a demand-driven and unobtrusive way.

53 citations


Cites background from "Extending the reach and power of de..."

  • ...Work on such change management has been done, for example, in the context of KIV [21] and KeY [12]....

    [...]

Journal ArticleDOI
26 Apr 2014
TL;DR: Dafny as mentioned in this paper is an integrated development environment for Dafny, a programming language, verifier and proof assistant that addresses issues present in most state-of-the-art verifiers: low responsiveness and lack of support for understanding non-obvious verification failures.
Abstract: In recent years, program verifiers and interactive theorem provers have become more powerful and more suitable for verifying large programs or proofs. This has demonstrated the need for improving the user experience of these tools to increase productivity and to make them more accessible to nonexperts. This paper presents an integrated development environment for Dafny—a programming language, verifier, and proof assistant—that addresses issues present in most state-of-the-art verifiers: low responsiveness and lack of support for understanding non-obvious verification failures. The paper demonstrates several new features that move the state-of-the-art closer towards a verification environment that can provide verification feedback as the user types and can present more helpful information about the program or failed verifications in a demand-driven and unobtrusive way.

36 citations

Proceedings ArticleDOI
24 Jan 2012
TL;DR: The tool set that is currently being built to support reasoning with the VerCors logic supports a specification language that combines features of separation logic with JML, and the first results on data structure specifications are described.
Abstract: This paper describes the first results and on-going work in the VerCors project. The VerCors project is about Verification of Concurrent Data Structures. Its goal is to develop a specification language and program logic for concurrent programs, and in particular for concurrent data structures, as these are the essential building blocks of many different concurrent programs. The program logic is based on our earlier work on permission-based separation logic for Java. This is an extension of Hoare logic that is particularly convenient to reason about concurrent programs.The paper first describes the tool set that is currently being built to support reasoning with this logic. It supports a specification language that combines features of separation logic with JML. For the verification, the program and its annotations are encoded into Chalice, and then we reuse the Chalice translation to Boogie to generate the proof obligations.Next, the paper describes our first results on data structure specifications. We use histories to keep track of the changes to the data structures, and we show how these histories allow us to derive other conclusions about the data structure implementations. We also discuss how we plan to reason about volatile variables, and how we will use this to verify lock-free data structures.Throughout the paper, we discuss our plans for future work within the VerCors project.

33 citations


Cites methods from "Extending the reach and power of de..."

  • ...The Java Memory Model [39] ensures that there cannot be data races on volatile variables, but their value can be changed at any point by any other thread....

    [...]

  • ...In Java, two notions of lock-freeness can be identi.ed: in the .rst case, all shared data is volatile, and the Java Memory Model [39] ensures that there are no data races....

    [...]

  • ...Klebanov has proposed an extension of dynamic logic in the Key system, to reason about the behavior of programs with data races, respecting the Java Memory Model [34]....

    [...]

Book ChapterDOI
18 Jul 2015
TL;DR: A system for fine-grained caching of verification results that uses the program’s call graph and control-flow graph to focus the verification effort on just the parts of the program that were affected by the user's most recent modifications.
Abstract: Developing provably correct programs is an incremental process that often involves a series of interactions with a program verifier To increase the responsiveness of the program verifier during such interactions, we designed a system for fine-grained caching of verification results The caching system uses the program’s call graph and control-flow graph to focus the verification effort on just the parts of the program that were affected by the user’s most recent modifications The novelty lies in how the original program is instrumented with cached information to avoid unnecessary work for the verifier The system has been implemented in the Boogie verification engine, which allows it to be used by different verification front ends that target the intermediate verification language Boogie; we present one such application in the integrated development environment for the Dafny programming language The paper describes the architecture and algorithms of the caching system and reports on how much it improves the performance of the verifier in practice

23 citations


Cites methods from "Extending the reach and power of de..."

  • ...Such work has been done for the KIV [23] and KeY [16] tools....

    [...]

References
More filters
Journal ArticleDOI
TL;DR: It is suggested that input and output are basic primitives of programming and that parallel composition of communicating sequential processes is a fundamental program structuring method.
Abstract: This paper suggests that input and output are basic primitives of programming and that parallel composition of communicating sequential processes is a fundamental program structuring method. When combined with a development of Dijkstra's guarded command, these concepts are surprisingly versatile. Their use is illustrated by sample solutions of a variety of a familiar programming exercises.

11,419 citations

Book
01 Jan 1985

9,210 citations

Book
01 Jan 2002
TL;DR: This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.
Abstract: Elementary Techniques.- 1. The Basics.- 2. Functional Programming in HOL.- 3. More Functional Programming.- 4. Presenting Theories.- Logic and Sets.- 5. The Rules of the Game.- 6. Sets, Functions, and Relations.- 7. Inductively Defined Sets.- Advanced Material.- 8. More about Types.- 9. Advanced Simplification, Recursion, and Induction.- 10. Case Study: Verifying a Security Protocol.

2,964 citations

Journal ArticleDOI
James C. King1
TL;DR: A particular system called EFFIGY which provides symbolic execution for program testing and debugging is described, which interpretively executes programs written in a simple PL/I style programming language.
Abstract: This paper describes the symbolic execution of programs. Instead of supplying the normal inputs to a program (e.g. numbers) one supplies symbols representing arbitrary values. The execution proceeds as in a normal execution except that values may be symbolic formulas over the input symbols. The difficult, yet interesting issues arise during the symbolic execution of conditional branch type statements. A particular system called EFFIGY which provides symbolic execution for program testing and debugging is also described. It interpretively executes programs written in a simple PL/I style programming language. It includes many standard debugging features, the ability to manage and to prove things about symbolic expressions, a simple program testing manager, and a program verifier. A brief discussion of the relationship between symbolic execution and program proving is also included.

2,941 citations


"Extending the reach and power of de..." refers methods in this paper

  • ...e calculus performs symbolic execution of programs—a method, which goes back to [King, 1976] and ensures good understandability of the process for the user....

    [...]

  • ...For this reduction we employ the technique of symbolic execution [King, 1976]....

    [...]

Journal ArticleDOI

2,459 citations


"Extending the reach and power of de..." refers methods in this paper

  • ...at, however, is impossible because JAVA CARD DL includes rst-order arithmetic, which is already inherently incomplete as established by Gödel’s Incompleteness eorem [Gödel, 1931]....

    [...]