ABSTRACT
Research in automated program verification against specifications written in first-order logic has come a long way. Ever-faster Satisfiability Modulo Theories (SMT) solvers [Barrett et al. 2010] promise to verify program instructions quickly against specifications. Unfortunately, aliasing still prevents automated program verification tools from easily and soundly verifying interesting programs. This paper introduces the use of symbolic permissions as the basis for sound automated program verification. Symbolic permissions provide a simple alias control mechanism with expressiveness similar to the well-known fractional permissions [Boyland 2003]. The paper shows that symbolic permissions can be enforced with a linear refinement typechecking procedure. Once permissions are checked, aliasing can essentially be ignored for the purposes of program verification, which allows taking full advantage of SMT solvers for doing the heavy verification lifting. The paper shows that a verification tool based on symbolic permissions can easily verify a design pattern with inherent aliasing challenges.
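The abstract compares symbolic permissions with the fractional permissions of Boyland [2003] and claims that, once permissions have been checked, the verifier can ignore aliasing. The following Python snippet is an added illustration of that underlying accounting discipline; it is not code from the SYMPLAR paper or its tool, and it models concrete fractions rather than the paper's symbolic ones. The `PermissionContext` class, the object names `"o"` and `"p"`, and the single-field heap are constructed for this example.

```python
"""Fractional permission accounting in the style of Boyland (2003).

Constructed illustration: every reference to an object carries a fraction in
(0, 1].  Holding 1 means exclusive access (read and write); any positive
fraction permits reads only.  A fraction is split when a reference is shared
and joined back when the sharing ends, so the permission checker, not the
verifier, is what accounts for aliases.
"""
from fractions import Fraction
from typing import Dict, Optional, Tuple


class PermissionViolation(Exception):
    """Access not covered by the permission held in this context."""


class PermissionContext:
    """Permissions held by one verification context (a method body, a thread).

    perms maps object name -> fraction in [0, 1]; heap maps object name -> the
    value of its single field.  Every context created by split() shares one
    heap, which is exactly the aliasing the permission discipline controls.
    """

    def __init__(self, heap: Optional[Dict[str, int]] = None) -> None:
        self.perms: Dict[str, Fraction] = {}
        self.heap: Dict[str, int] = {} if heap is None else heap

    def held(self, obj: str) -> Fraction:
        return self.perms.get(obj, Fraction(0))

    def allocate(self, obj: str, value: int) -> None:
        # A fresh object has no aliases, so its creator holds the full permission.
        self.perms[obj] = Fraction(1)
        self.heap[obj] = value

    def split(self, obj: str, share: Fraction) -> "PermissionContext":
        # Hand `share` of our permission to a new context.  What we keep plus
        # what we gave away still sums to what we had: nothing is duplicated.
        if not 0 < share <= self.held(obj):
            raise PermissionViolation(f"cannot give {share} of {obj}; hold {self.held(obj)}")
        self.perms[obj] = self.held(obj) - share
        other = PermissionContext(self.heap)
        other.perms[obj] = share
        return other

    def join(self, obj: str, other: "PermissionContext") -> None:
        # Take a share back.  Only when every share has been returned does the
        # sum reach 1 again, which is what re-enables writes.
        self.perms[obj] = self.held(obj) + other.perms.pop(obj, Fraction(0))

    def read(self, obj: str) -> int:
        if self.held(obj) <= 0:
            raise PermissionViolation(f"read of {obj} without permission")
        return self.heap[obj]

    def write(self, obj: str, value: int) -> None:
        # Writing needs the whole permission: no other context holds a share,
        # so no alias can observe or interfere with the write.
        if self.held(obj) != 1:
            raise PermissionViolation(f"write to {obj} with only {self.held(obj)}")
        self.heap[obj] = value


def shared_read_scenario() -> Tuple[int, bool, int, int]:
    """Share an object read-only with a callee, then take the share back."""
    main = PermissionContext()
    main.allocate("o", 0)
    main.write("o", 42)                          # exclusive: allowed
    callee = main.split("o", Fraction(1, 2))     # callee may now read `o`
    seen_by_callee = callee.read("o")
    try:
        callee.write("o", 7)                     # rejected: only 1/2 held
        callee_wrote = True
    except PermissionViolation:
        callee_wrote = False
    # Because the callee could not write, main's knowledge `o == 42` survives
    # the call without any alias analysis of the callee's body.
    still_42 = main.read("o")
    main.join("o", callee)                       # 1/2 + 1/2 = 1: exclusive again
    main.write("o", 43)
    return seen_by_callee, callee_wrote, still_42, main.read("o")


def outstanding_share_blocks_write() -> bool:
    """A context that has not collected every share back cannot write."""
    main = PermissionContext()
    main.allocate("p", 1)
    a = main.split("p", Fraction(1, 3))
    b = main.split("p", Fraction(1, 3))
    main.join("p", a)                            # b still holds 1/3
    try:
        main.write("p", 2)
        return False
    except PermissionViolation:
        return True
```

The point a practitioner should take from the two scenarios is the one the abstract makes: the verifier never has to ask "who else can reach `o`?" because the only way a write is admitted is when the current context provably holds the entire permission. The paper's symbolic permissions keep that invariant while replacing the concrete fractions above with symbolic quantities checked by a linear refinement typechecking procedure.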
REFERENCES
- J. Aldrich, V. Kostadinov, and C. Chambers. Alias annotations for program understanding. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications, pages 311--330, Nov. 2002.
- M. Barnett and D. A. Naumann. Friends need a bit more: Maintaining object invariants over shared state. In Mathematics of Program Construction, pages 54--84. Springer, 2004.
- M. Barnett, R. DeLine, M. Fahndrich, K. R. M. Leino, and W. Schulte. Verification of object-oriented programs with invariants. Journal of Object Technology, 3(6):27--56, June 2004.
- C. Barrett, A. Stump, and C. Tinelli. The SMT-LIB Standard, Version 2.0, Mar. 2010. URL http://goedel.cs.uiowa.edu/smtlib/.
- N. E. Beckman. Types for Correct Concurrent API Usage. PhD thesis, Carnegie Mellon University, Dec. 2010.
- N. E. Beckman, K. Bierhoff, and J. Aldrich. Verifying correct usage of Atomic blocks and typestate. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications, pages 227--244, Oct. 2008.
- K. Bierhoff. API Protocol Compliance in Object-Oriented Software. PhD thesis, Carnegie Mellon University, Apr. 2009.
- K. Bierhoff and J. Aldrich. Modular typestate checking of aliased objects. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications, pages 301--320, Oct. 2007.
- K. Bierhoff and J. Aldrich. Permissions to specify the composite design pattern. In 7th International Workshop on Specification and Verification of Component-Based Systems, Nov. 2008.
- K. Bierhoff and C. Hawblitzel. Checking the hardware-software interface in Spec#. In 4th Workshop on Programming Languages and Operating Systems. ACM, Oct. 2007. http://doi.acm.org/10.1145/1376789.1376802.
- K. Bierhoff, N. E. Beckman, and J. Aldrich. Practical API protocol checking with Access Permissions. In European Conference on Object-Oriented Programming, pages 195--219. Springer, July 2009.
- E. Bodden, L. Hendren, and O. Lhoták. A staged static program analysis to improve the performance of runtime monitoring. In European Conference on Object-Oriented Programming, pages 525--549. Springer, 2007.
- R. Bornat, C. Calcagno, P. O'Hearn, and M. Parkinson. Permission accounting in separation logic. In ACM Symposium on Principles of Programming Languages, pages 259--270, Jan. 2005. http://doi.acm.org/10.1145/1047659.1040327.
- J. Boyland. Checking interference with fractional permissions. In International Symposium on Static Analysis, pages 55--72. Springer, 2003.
- J. T. Boyland and W. Retert. Connecting effects and uniqueness with adoption. In ACM Symposium on Principles of Programming Languages, pages 283--295, Jan. 2005.
- C. Calcagno, D. Distefano, P. O'Hearn, and H. Yang. Compositional shape analysis by means of bi-abduction. In ACM Symposium on Principles of Programming Languages, pages 289--300. ACM, Jan. 2009. ISBN 978-1-60558-379-2. http://doi.acm.org/10.1145/1480881.1480917.
- L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In Conference on Tools and Algorithms for the Construction and Analysis of Systems, 2008.
- W. Dietl and P. Müller. Universes: Lightweight ownership for JML. Journal of Object Technology, 4(8):5--32, 2005. URL http://www.jot.fm/issues/issues 2005 10/article1.
- M. Fahndrich and R. DeLine. Adoption and focus: Practical linear types for imperative programming. In ACM Conference on Programming Language Design and Implementation, pages 13--24, June 2002.
- M. Fahndrich and S. Xia. Establishing object invariants with delayed types. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications, pages 337--350, Oct. 2007. ISBN 978-1-59593-786-5. http://doi.acm.org/10.1145/1297027.1297052.
- C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. Saxe, and R. Stata. Extended static checking for Java. In ACM Conference on Programming Language Design and Implementation, pages 234--245, May 2002.
- C. Haack and C. Hurlin. Resource usage protocols for iterators. In International Workshop on Aliasing, Confinement and Ownership, July 2008.
- S. Heule, K. R. M. Leino, P. Müller, and A. J. Summers. Fractional permissions without the fractions. In Workshop on Formal Techniques for Java-like Programs, July 2011.
- A. Igarashi, B. Pierce, and P. Wadler. Featherweight Java: A minimal core calculus for Java and GJ. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications, pages 132--146, 1999.
- B. Jacobs and F. Piessens. The VeriFast program verifier. Technical Report CW-520, Department of Computer Science, Katholieke Universiteit Leuven, Aug. 2008.
- N. Krishnaswami. Reasoning about iterators with separation logic. In 5th International Workshop on Specification and Verification of Component-Based Systems, pages 83--86. ACM Press, Nov. 2006.
- G. T. Leavens, A. L. Baker, and C. Ruby. JML: A notation for detailed design. In H. Kilov, B. Rumpe, and I. Simmonds, editors, Behavioral Specifications of Businesses and Systems, pages 175--188. Kluwer Academic Publishers, Boston, 1999.
- B. H. Liskov and J. M. Wing. A behavioral notion of subtyping. ACM Transactions on Programming Languages and Systems, 16(6):1811--1841, Nov. 1994.
- P. Müller. Modular Specification and Verification of Object-Oriented Programs. Springer, 2002.
- P. Müller and A. Rudich. Ownership transfer in Universe types. In ACM Conference on Object-Oriented Programming, Systems, Languages & Applications, pages 461--478, Oct. 2007. ISBN 978-1-59593-786-5. http://doi.acm.org/10.1145/1297027.1297061.
- M. J. Parkinson and G. M. Bierman. Separation logic, abstraction and inheritance. In ACM Symposium on Principles of Programming Languages, pages 75--86, Jan. 2008.
- G. Ramalingam, A. Warshavsky, J. Field, D. Goyal, and M. Sagiv. Deriving specialized program analyses for certifying component-client conformance. In ACM Conference on Programming Language Design and Implementation, pages 83--94, 2002. ISBN 1-58113-463-0. http://doi.acm.org/10.1145/512529.512540.
- J. C. Reynolds. Separation logic: A logic for shared mutable data structures. In IEEE Symposium on Logic in Computer Science, pages 55--74, 2002.
- D. Saini, J. Sunshine, and J. Aldrich. A theory of Typestate oriented programming. In Workshop on Formal Techniques for Java-like Programs (FTfJP), 2010.
- J. Smans, B. Jacobs, and F. Piessens. Implicit dynamic frames: Combining dynamic frames and separation logic. In European Conference on Object-Oriented Programming, pages 148--172. Springer, July 2009.
- T. Terauchi. Checking race freedom via linear programming. In ACM Conference on Programming Language Design and Implementation, pages 1--10, June 2008.
- T. Terauchi and A. Aiken. A capability calculus for concurrency and determinism. ACM Transactions on Programming Languages and Systems (TOPLAS), 30(5):1--30, Aug. 2008. ISSN 0164-0925. http://doi.acm.org/10.1145/1387673.1387676.
- Y. Zhao. Concurrency Analysis Based on Fractional Permission System. PhD thesis, University of Wisconsin-Milwaukee, Aug. 2007.
Automated program verification made SYMPLAR: symbolic permissions for lightweight automated reasoning