Abstract
Several recent projects have shown the feasibility of verifying low-level systems software. Verifications based on automated theorem-proving have omitted reasoning about first-class code pointers, which is critical for tasks like certifying implementations of threads and processes. Conversely, verifications that deal with first-class code pointers have featured long, complex, manual proofs. In this paper, we introduce the Bedrock framework, which supports mostly-automated proofs about programs with the full range of features needed to implement, e.g., language runtime systems.
The heart of our approach is in mostly-automated discharge of verification conditions inspired by separation logic. Our take on separation logic is computational, in the sense that function specifications are usually written in terms of reference implementations in a purely functional language. Logical quantifiers are the most challenging feature for most automated verifiers; by relying on functional programs (written in the expressive language of the Coq proof assistant), we are able to avoid quantifiers almost entirely. This leads to some dramatic improvements compared to both past work in classical verification, which we compare against with implementations of data structures like binary search trees and hash tables; and past work in verified programming with code pointers, which we compare against with examples like function memoization and a cooperative threading library.
- Mike Barnett, Bor-Yuh Evan Chang, Robert Deline, Bart Jacobs, and K. Rustan M. Leino. Boogie: A modular reusable verifier for object-oriented programs. In Proc. FMCO, 2006. Google Scholar
Digital Library
- Josh Berdine, Cristiano Calcagno, and Peter W. O'Hearn. Smallfoot: Modular automatic assertion checking with separation logic. In Proc. FMCO, 2005. Google Scholar
Digital Library
- Hongxu Cai, Zhong Shao, and Alexander Vaynberg. Certified self-modifying code. In Proc. PLDI, 2007. Google Scholar
Digital Library
- Cristiano Calcagno, Dino Distefano, Peter O'Hearn, and Hongseok Yang. Compositional shape analysis by means of bi-abduction. In Proc. POPL, 2009. Google Scholar
Digital Library
- Bor-Yuh Evan Chang and Xavier Rival. Relational inductive shape analysis. In Proc. POPL, 2008. Google Scholar
Digital Library
- Arthur Charguéraud. Program verification through characteristic formulae. In Proc. ICFP, 2010. Google Scholar
Digital Library
- Adam Chlipala, Gregory Malecha, Greg Morrisett, Avraham Shinnar, and Ryan Wisnesky. Effective interactive proofs for higher-order imperative programs. In Proc. ICFP, 2009. Google Scholar
Digital Library
- Coq Development Team. The Coq proof assistant reference manual, version 8.3. 2010.Google Scholar
- David Delahaye. A tactic language for the system Coq. In Proc. LPAR, 2000. Google Scholar
Digital Library
- David Detlefs, Greg Nelson, and James B. Saxe. Simplify: a theorem prover for program checking. J. ACM, 52(3):365--473, 2005. Google Scholar
Digital Library
- Xinyu Feng and Zhong Shao. Modular verification of concurrent assembly code with dynamic thread creation and termination. In Proc. ICFP, 2005. Google Scholar
Digital Library
- Xinyu Feng, Zhong Shao, Yuan Dong, and Yu Guo. Certifying low-level programs with hardware interrupts and preemptive threads. In Proc. PLDI, 2008. Google Scholar
Digital Library
- Xinyu Feng, Zhong Shao, Alexander Vaynberg, Sen Xiang, and Zhaozhong Ni. Modular verification of assembly code with stack-based control abstractions. In Proc. PLDI, 2006. Google Scholar
Digital Library
- Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. Extended static checking for Java. In Proc. PLDI, 2002. Google Scholar
Digital Library
- Nadeem Abdul Hamid and Zhong Shao. Interfacing Hoare logic and type systems for foundational proof-carrying code. In Proc. TPHOLs, 2004.Google Scholar
Cross Ref
- Chris Hawblitzel and Erez Petrank. Automated verification of practical garbage collectors. In Proc. POPL, 2009. Google Scholar
Digital Library
- Bart Jacobs, Jan Smans, and Frank Piessens. A quick tour of the VeriFast program verifier. In Proc. APLAS, 2010. Google Scholar
Digital Library
- Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. seL4: Formal verification of an OS kernel. In Proc. SOSP, 2009. Google Scholar
Digital Library
- Viktor Kuncak, Ruzica Piskac, Philippe Suter, and Thomas Wies. Building a calculus of data structures (invited paper). In Proc. VMCAI, 2010. Google Scholar
Digital Library
- Andrew McCreight. Practical tactics for separation logic. In Proc. TPHOLs, 2009. Google Scholar
Digital Library
- Andrew McCreight, Zhong Shao, Chunxiao Lin, and Long Li. A general framework for certifying garbage collectors and their mutators. In Proc. PLDI, 2007. Google Scholar
Digital Library
- Farhad Mehta and Tobias Nipkow. Proving pointer programs in higher-order logic. In Proc. CADE, 2003.Google Scholar
Cross Ref
- Aleksandar Nanevski, Greg Morrisett, Avraham Shinnar, Paul Govereau, and Lars Birkedal. Ynot: Reasoning with the awkward squad. In Proc. ICFP, 2008.Google Scholar
- Zhaozhong Ni and Zhong Shao. Certified assembly programming with embedded code pointers. In Proc. POPL, 2006. Google Scholar
Digital Library
- Zhaozhong Ni, Dachuan Yu, and Zhong Shao. Modular verification of machine-level thread implementation. Technical report, 2006.Google Scholar
- Zhaozhong Ni, Dachuan Yu, and Zhong Shao. Using XCAP to certify realistic system code: Machine context management. In Proc. TPHOLs, 2007. Google Scholar
Digital Library
- Lawrence C. Paulson. Isabelle: A generic theorem prover. Journal of Automated Reasoning, 5, 1994.Google Scholar
- John C. Reynolds. Separation logic: A logic for shared mutable data structures. In Proc. LICS, 2002. Google Scholar
Digital Library
- Mooly Sagiv, Thomas Reps, and Reinhard Wilhelm. Parametric shape analysis via 3-valued logic. TOPLAS, 24, 2002. Google Scholar
Digital Library
- Jean Yang and Chris Hawblitzel. Safe to the last instruction: automated verification of a type-safe operating system. In Proc. PLDI, 2010. Google Scholar
Digital Library
- Karen Zee, Viktor Kuncak, and Martin Rinard. Full functional verification of linked data structures. In Proc. PLDI, 2008. Google Scholar
Digital Library
- Karen Zee, Viktor Kuncak, and Martin Rinard. An integrated proof language for imperative programs. In Proc. PLDI, 2009. Google Scholar
Digital Library
Index Terms
Mostly-automated verification of low-level programs in computational separation logic
Recommendations
Mostly-automated verification of low-level programs in computational separation logic
PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and ImplementationSeveral recent projects have shown the feasibility of verifying low-level systems software. Verifications based on automated theorem-proving have omitted reasoning about first-class code pointers, which is critical for tasks like certifying ...
Effective interactive proofs for higher-order imperative programs
ICFP '09: Proceedings of the 14th ACM SIGPLAN international conference on Functional programmingWe present a new approach for constructing and verifying higher-order, imperative programs using the Coq proof assistant. We build on the past work on the Ynot system, which is based on Hoare Type Theory. That original system was a proof of concept, ...
Effective interactive proofs for higher-order imperative programs
ICFP '09We present a new approach for constructing and verifying higher-order, imperative programs using the Coq proof assistant. We build on the past work on the Ynot system, which is based on Hoare Type Theory. That original system was a proof of concept, ...







Comments