Abstract
We present a language-independent verification framework that can be instantiated with an operational semantics to automatically generate a program verifier. The framework treats both the operational semantics and the program correctness specifications as reachability rules between matching logic patterns, and uses the sound and relatively complete reachability logic proof system to prove the specifications using the semantics. We instantiate the framework with the semantics of one academic language, KernelC, as well as with three recent semantics of real-world languages, C, Java, and JavaScript, developed independently of our verification infrastructure. We evaluate our approach empirically and show that the generated program verifiers can automatically check the full functional correctness of challenging heap-manipulating programs that implement operations on list and tree data structures, such as AVL trees. This is the first approach that can turn the operational semantics of real-world languages into correct-by-construction automatic verifiers.
Semantics-based program verifiers for all languages. OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications.