Abstract
We present the first verification of full functional correctness for a range of linked data structure implementations, including mutable lists, trees, graphs, and hash tables. Specifically, we present the use of the Jahob verification system to verify formal specifications, written in classical higher-order logic, that completely capture the desired behavior of the Java data structure implementations (with the exception of properties involving execution time and/or memory consumption). Given that the desired correctness properties include intractable constructs such as quantifiers, transitive closure, and lambda abstraction, it is a challenge to successfully prove the generated verification conditions.
Our Jahob verification system uses integrated reasoning to split each verification condition into a conjunction of simpler subformulas, then apply a diverse collection of specialized decision procedures, first-order theorem provers, and, in the worst case, interactive theorem provers to prove each subformula. Techniques such as replacing complex subformulas with stronger but simpler alternatives, exploiting structure inherently present in the verification conditions, and, when necessary, inserting verified lemmas and proof hints into the imperative source code make it possible to seamlessly integrate all of the specialized decision procedures and theorem provers into a single powerful integrated reasoning system. By appropriately applying multiple proof techniques to discharge different subformulas, this reasoning system can effectively prove the complex and challenging verification conditions that arise in this context.
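The splitting and dispatch the abstract outlines, as an added illustration in Python rather than code from Jahob or the paper: a verification condition is split into sequents with atomic goals, each sequent is routed to the cheapest reasoner that understands its goal, and only the assumptions that reasoner understands are kept. Dropping assumptions is the simplest instance of "replacing a subformula with a stronger but simpler alternative": the stronger sequent may fail to prove, but a proof of it is still a proof of the original. The fragment tags on atoms, the prover names and their cost ordering, and the sample postcondition are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# --- a tiny formula language -------------------------------------------------
# Atoms are opaque strings tagged with the fragment their symbols belong to.
# A real verifier computes the fragment by inspecting the term; fixing it by
# hand is an assumption of this illustration.
@dataclass(frozen=True)
class Atom:
    text: str
    fragment: str            # "arith" | "sets" | "fol" | "hol"

@dataclass(frozen=True)
class And:
    left: "Formula"
    right: "Formula"

@dataclass(frozen=True)
class Implies:
    premise: "Formula"
    conclusion: "Formula"

@dataclass(frozen=True)
class Forall:
    var: str
    body: "Formula"

Formula = Union[Atom, And, Implies, Forall]

@dataclass(frozen=True)
class Sequent:
    assumptions: Tuple[Formula, ...]
    goal: Atom

def conjuncts(f: Formula) -> Tuple[Formula, ...]:
    """Flatten nested conjunctions so each conjunct becomes its own assumption."""
    return conjuncts(f.left) + conjuncts(f.right) if isinstance(f, And) else (f,)

def split(f: Formula, assumptions: Tuple[Formula, ...] = ()) -> List[Sequent]:
    """Split a verification condition into sequents with atomic goals.
    A -> (B /\ C)  gives  A -> B  and  A -> C
    A -> (B -> C)  gives  A /\ B -> C
    forall x. B    gives  B, reading x as an arbitrary fresh constant
    (atoms here are opaque strings, so x cannot clash with the assumptions).
    The conjunction of the results is equivalent to f, so proving all of them proves f."""
    if isinstance(f, And):
        return split(f.left, assumptions) + split(f.right, assumptions)
    if isinstance(f, Implies):
        return split(f.conclusion, assumptions + conjuncts(f.premise))
    if isinstance(f, Forall):
        return split(f.body, assumptions)
    return [Sequent(assumptions, f)]

# --- routing each sequent to a reasoner ---------------------------------------
# Fragments from cheapest to most expressive (assumed ordering). The illustration
# assumes a reasoner for a fragment also accepts everything ranked below it.
RANK: Dict[str, int] = {"arith": 0, "sets": 1, "fol": 2, "hol": 3}
PROVER: Dict[str, str] = {
    "arith": "arithmetic decision procedure",
    "sets": "set-algebra decision procedure",
    "fol": "first-order theorem prover",
    "hol": "interactive theorem prover",
}

def fragment(f: Formula) -> str:
    """Most expressive fragment occurring in f; a quantifier lifts it to at least FOL."""
    if isinstance(f, Atom):
        return f.fragment
    if isinstance(f, Forall):
        return max(fragment(f.body), "fol", key=RANK.__getitem__)
    parts = (f.left, f.right) if isinstance(f, And) else (f.premise, f.conclusion)
    return max((fragment(p) for p in parts), key=RANK.__getitem__)

def route(seq: Sequent) -> List[Tuple[str, Sequent]]:
    """Proof attempts in cost order. First: the cheapest reasoner that understands
    the goal, given only the assumptions it understands. Dropping assumptions
    makes the sequent stronger (fewer hypotheses), so a proof of it is still a
    proof of the original; the only risk is a failed attempt, never an unsound one.
    If anything was dropped, the fallback is the full sequent at the fragment of
    its most complex part, in the worst case the interactive prover."""
    goal_frag = fragment(seq.goal)
    kept = tuple(a for a in seq.assumptions if RANK[fragment(a)] <= RANK[goal_frag])
    attempts = [(PROVER[goal_frag], Sequent(kept, seq.goal))]
    if len(kept) < len(seq.assumptions):
        full_frag = max(goal_frag, *(fragment(a) for a in seq.assumptions),
                        key=RANK.__getitem__)
        attempts.append((PROVER[full_frag], seq))
    return attempts

def plan(vc: Formula) -> Dict[str, List[Tuple[str, Sequent]]]:
    """Map each atomic goal of vc to its ordered list of proof attempts."""
    return {s.goal.text: route(s) for s in split(vc)}

# Constructed sample (not from the paper): a postcondition for inserting a fresh
# node n into a list-backed set, in the spirit of the specifications described.
SAMPLE_VC = Forall("n", Implies(
    And(Atom("n not in content", "sets"), Atom("acyclic(first, next)", "hol")),
    And(Atom("content' = content + {n}", "sets"),
        Atom("size' = size + 1", "arith"))))

if __name__ == "__main__":
    for goal, attempts in plan(SAMPLE_VC).items():
        for prover, seq in attempts:
            print(f"{goal!r:32} -> {prover} with {[a.text for a in seq.assumptions]}")
```

Running the sample routes the set-algebra goal first to the set decision procedure with only the set-level assumption, and the arithmetic goal to the arithmetic procedure with no assumptions at all; because the transitive-closure assumption was dropped in both cases, each goal also gets an interactive-prover fallback carrying the full sequent. Proof hints and lemmas inserted into the source, as the abstract mentions, would appear here as extra assumptions in the cheaper attempts.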
Full functional verification of linked data structures. In PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation.