skip to main content

Certifying the synthesis of heap-manipulating programs

Published:19 August 2021Publication History
Skip Abstract Section

Abstract

Automated deductive program synthesis promises to generate executable programs from concise specifications, along with proofs of correctness that can be independently verified using third-party tools. However, an attempt to exercise this promise using existing proof-certification frameworks reveals significant discrepancies in how proof derivations are structured for two different purposes: program synthesis and program verification. These discrepancies make it difficult to use certified verifiers to validate synthesis results, forcing one to write an ad-hoc translation procedure from synthesis proofs to correctness proofs for each verification backend.

In this work, we address this challenge in the context of the synthesis and verification of heap-manipulating programs. We present a technique for principled translation of deductive synthesis derivations (a.k.a. source proofs) into deductive target proofs about the synthesised programs in the logics of interactive program verifiers. We showcase our technique by implementing three different certifiers for programs generated via SuSLik, a Separation Logic-based tool for automated synthesis of programs with pointers, in foundational verification frameworks embedded in Coq: Hoare Type Theory (HTT), Iris, and Verified Software Toolchain (VST), producing concise and efficient machine-checkable proofs for characteristic synthesis benchmarks.

Skip Supplemental Material Section

Supplemental Material

3473589.mp4

Presentation Videos

Auxiliary Presentation Video

This is a presentation video of our talk at ICFP 2021 on our paper accepted in the research track. In this paper, we present a technique for principled translation of deductive synthesis derivations (a.k.a. source proofs) into deductive target proofs about the synthesised programs in the logics of interactive program verifiers. We showcase our technique by implementing three different certifiers for programs generated via SuSLik, a Separation Logic-based tool for automated synthesis of programs with pointers, in foundational verification frameworks embedded in Coq: Hoare Type Theory (HTT), Iris, and Verified Software Toolchain (VST), producing concise and efficient machine-checkable proofs for characteristic synthesis benchmarks.

References

  1. Andrew W. Appel. 2001. Foundational Proof-Carrying Code. In LICS. IEEE Computer Society, 247–256. https://doi.org/10.1109/LICS.2001.932501 Google ScholarGoogle ScholarCross RefCross Ref
  2. Andrew W. Appel. 2011. Verified Software Toolchain - (Invited Talk). In ESOP (LNCS, Vol. 6602). Springer, 1–17. https://doi.org/10.1007/978-3-642-19718-5_1 Google ScholarGoogle Scholar
  3. Andrew W. Appel, Robert Dockins, Aquinas Hobor, Lennart Beringer, Josiah Dodds, Gordon Stewart, Sandrine Blazy, and Xavier Leroy. 2014. Program Logics for Certified Compilers. Cambridge University Press. isbn:978-1-10-704801-0 https://doi.org/10.1017/CBO9781107256552 Google ScholarGoogle ScholarCross RefCross Ref
  4. Gilles Barthe, David Pichardie, and Tamara Rezk. 2013. A certified lightweight non-interference Java bytecode verifier. Math. Struct. Comput. Sci., 23, 5 (2013), 1032–1081. https://doi.org/10.1017/S0960129512000850 Google ScholarGoogle ScholarCross RefCross Ref
  5. Josh Berdine, Cristiano Calcagno, and Peter W. O’Hearn. 2005. Symbolic Execution with Separation Logic. In APLAS (LNCS, Vol. 3780). Springer, 52–68. https://doi.org/10.1007/11575467_5 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Josh Berdine, Cristiano Calcagno, and Peter W. O’Hearn. 2006. Smallfoot: Modular Automatic Assertion Checking with Separation Logic. In FMCO (LNCS, Vol. 4111). Springer, 115–137. https://doi.org/10.1007/11804192_6 Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Frédéric Besson, Thomas P. Jensen, and David Pichardie. 2006. Proof-carrying code from certified abstract interpretation and fixpoint compression. Theor. Comput. Sci., 364, 3 (2006), 273–291. https://doi.org/10.1016/j.tcs.2006.08.012 Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Frédéric Besson and Evgeny Makarov. 2020. Micromega: solvers for arithmetic goals over ordered rings. Online documentation available at https://coq.inria.fr/refman/addendum/micromega.htmlGoogle ScholarGoogle Scholar
  9. Qinxiang Cao, Lennart Beringer, Samuel Gruetter, Josiah Dodds, and Andrew W. Appel. 2018. VST-Floyd: A Separation Logic Tool to Verify Correctness of C Programs. J. Autom. Reason., 61, 1-4 (2018), 367–422. https://doi.org/10.1007/s10817-018-9457-5 Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Arthur Charguéraud. 2020. Separation logic for sequential programs (functional pearl). Proc. ACM Program. Lang., 4, ICFP (2020), 116:1–116:34. https://doi.org/10.1145/3408998 Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Juan Chen, Ravi Chugh, and Nikhil Swamy. 2010. Type-preserving compilation of end-to-end verification of security enforcement. In PLDI. ACM, 412–423. https://doi.org/10.1145/1806596.1806643 Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Wei-Ngan Chin, Cristina David, and Cristian Gherghina. 2011. A HIP and SLEEK verification system. In OOPSLA (Companion). ACM, 9–10. https://doi.org/10.1145/2048147.2048152 Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Adam Chlipala. 2011. Mostly-automated verification of low-level programs in computational separation logic. In PLDI. ACM, 234–245. https://doi.org/10.1145/1993498.1993526 Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Adam Chlipala, Benjamin Delaware, Samuel Duchovni, Jason Gross, Clément Pit-Claudel, Sorawit Suriyakarn, Peng Wang, and Katherine Ye. 2017. The End of History? Using a Proof Assistant to Replace Language Design with Library Design. In SNAPL (LIPIcs, Vol. 71). Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 3:1–3:15. https://doi.org/10.4230/LIPIcs.SNAPL.2017.3 Google ScholarGoogle ScholarCross RefCross Ref
  15. Claudio Sacerdoti Coen. 2004. A Semi-reflexive Tactic for (Sub-)Equational Reasoning. In TYPES (LNCS, Vol. 3839). Springer, 98–114. https://doi.org/10.1007/11617990_7 Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Lukasz Czajka and Cezary Kaliszyk. 2018. Hammer for Coq: Automation for Dependent Type Theory. J. Autom. Reason., 61, 1-4 (2018), 423–453. https://doi.org/10.1007/s10817-018-9458-4 Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. David Delahaye. 2000. A Tactic Language for the System Coq. In LPAR (LNCS, Vol. 1955). Springer, 85–95. https://doi.org/10.1007/3-540-44404-1_7 Google ScholarGoogle ScholarCross RefCross Ref
  18. Benjamin Delaware, Clément Pit-Claudel, Jason Gross, and Adam Chlipala. 2015. Fiat: Deductive Synthesis of Abstract Data Types in a Proof Assistant. In POPL. ACM, 689–700. https://doi.org/10.1145/2676726.2677006 Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Burak Ekici, Alain Mebsout, Cesare Tinelli, Chantal Keller, Guy Katz, Andrew Reynolds, and Clark W. Barrett. 2017. SMTCoq: A Plug-In for Integrating SMT Solvers into Coq. In CAV (LNCS, Vol. 10427). Springer, 126–133. https://doi.org/10.1007/978-3-319-63390-9_7 Google ScholarGoogle ScholarCross RefCross Ref
  20. Georges Gonthier, Assia Mahboubi, and Enrico Tassi. 2009. A Small Scale Reflection Extension for the Coq system. Microsoft Research – Inria Joint Centre.Google ScholarGoogle Scholar
  21. Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan (Newman) Wu, Jieung Kim, Vilhelm Sjöberg, and David Costanzo. 2016. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In OSDI. USENIX Association, 653–669. https://www.usenix.org/conference/osdi16/technical-sessions/presentation/guGoogle ScholarGoogle Scholar
  22. Robert Harper, Furio Honsell, and Gordon D. Plotkin. 1993. A Framework for Defining Logics. J. ACM, 40, 1 (1993), 143–184. https://doi.org/10.1145/138027.138060 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Jifeng He, C. A. R. Hoare, and Jeff W. Sanders. 1986. Data Refinement Refined. In ESOP (LNCS, Vol. 213). Springer, 187–196. https://doi.org/10.1007/3-540-16442-1_14 Google ScholarGoogle ScholarCross RefCross Ref
  24. Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, George C. Necula, Grégoire Sutre, and Westley Weimer. 2002. Temporal-Safety Proofs for Systems Code. In CAV (LNCS, Vol. 2404). Springer, 526–538. https://doi.org/10.1007/3-540-45657-0_45 Google ScholarGoogle ScholarCross RefCross Ref
  25. Shachar Itzhaky, Hila Peleg, Nadia Polikarpova, Reuben Rowe, and Ilya Sergey. 2021. Cyclic Program Synthesis. In PLDI. ACM, 944–959. https://doi.org/10.1145/3453483.3454087 Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Bart Jacobs, Jan Smans, Pieter Philippaerts, Frédéric Vogels, Willem Penninckx, and Frank Piessens. 2011. VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java. In NASA Formal Methods (LNCS, Vol. 6617). Springer, 41–55. https://doi.org/10.1007/978-3-642-20398-5_4 Google ScholarGoogle ScholarCross RefCross Ref
  27. Ralf Jung. 2020. Understanding and Evolving the Rust Programming Language. Ph.D. Dissertation. Saarland University.Google ScholarGoogle Scholar
  28. Ralf Jung, Robbert Krebbers, Lars Birkedal, and Derek Dreyer. 2016. Higher-order ghost state. In ICFP. ACM, 256–269. https://doi.org/10.1145/2951913.2951943 Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Ralf Jung, Robbert Krebbers, Jacques-Henri Jourdan, Ales Bizjak, Lars Birkedal, and Derek Dreyer. 2018. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. J. Funct. Program., 28 (2018), e20. https://doi.org/10.1017/S0956796818000151 Google ScholarGoogle ScholarCross RefCross Ref
  30. Etienne Kneuss, Ivan Kuraj, Viktor Kuncak, and Philippe Suter. 2013. Synthesis modulo recursive functions. In OOPSLA. ACM, 407–426. https://doi.org/10.1145/2509136.2509555 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Robbert Krebbers, Amin Timany, and Lars Birkedal. 2017. Interactive Proofs in Higher-Order Concurrent Separation Logic. In POPL. ACM, 205–217. https://doi.org/10.1145/3009837.3009855 Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Ramana Kumar, Magnus O. Myreen, Michael Norrish, and Scott Owens. 2014. CakeML: a verified implementation of ML. In POPL. ACM, 179–192. https://doi.org/10.1145/2535838.2535841 Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Xavier Leroy. 2006. Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In POPL. ACM, 42–54. https://doi.org/10.1145/1111037.1111042 Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Assia Mahboubi and Enrico Tassi. 2013. Canonical Structures for the Working Coq User. In ITP (LNCS, Vol. 7998). Springer, 19–34. https://doi.org/10.1007/978-3-642-39634-2_5 Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Assia Mahboubi and Enrico Tassi. 2021. Mathematical Components. https://doi.org/10.5281/zenodo.4457887 Available at Google ScholarGoogle ScholarCross RefCross Ref
  36. Zohar Manna and Richard J. Waldinger. 1980. A Deductive Approach to Program Synthesis. ACM Trans. Program. Lang. Syst., 2, 1 (1980), 90–121. https://doi.org/10.1145/357084.357090 Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Alberto Martelli and Ugo Montanari. 1973. Additive AND/OR Graphs. In IJCAI. William Kaufmann, 1–11.Google ScholarGoogle Scholar
  38. Peter Müller, Malte Schwerhoff, and Alexander J. Summers. 2016. Viper: A Verification Infrastructure for Permission-Based Reasoning. In VMCAI (LNCS, Vol. 9583). Springer, 41–62. https://doi.org/10.1007/978-3-662-49122-5_2 Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Aleksandar Nanevski, Greg Morrisett, Avi Shinnar, Paul Govereau, and Lars Birkedal. 2008. Ynot: Dependent Types for Imperative Programs. In ICFP. ACM, 229–240. https://doi.org/10.1145/1411204.1411237 Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Aleksandar Nanevski, Viktor Vafeiadis, and Josh Berdine. 2010. Structuring the verification of heap-manipulating programs. In POPL. ACM, 261–274. https://doi.org/10.1145/1706299.1706331 Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. George C. Necula. 1997. Proof-Carrying Code. In POPL. ACM Press, 106–119. https://doi.org/10.1145/263699.263712 Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. George C. Necula and Peter Lee. 1996. Safe Kernel Extensions Without Run-Time Checking. In OSDI. ACM, 229–243. https://doi.org/10.1145/238721.238781 Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. George C. Necula and Peter Lee. 1998. The Design and Implementation of a Certifying Compiler. In PLDI. ACM, 333–344. https://doi.org/10.1145/277650.277752 Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Peter W. O’Hearn, John C. Reynolds, and Hongseok Yang. 2001. Local Reasoning about Programs that Alter Data Structures. In CSL (LNCS, Vol. 2142). Springer, 1–19. https://doi.org/10.1007/3-540-44802-0_1 Google ScholarGoogle ScholarCross RefCross Ref
  45. Clément Pit-Claudel, Peng Wang, Benjamin Delaware, Jason Gross, and Adam Chlipala. 2020. Extensible Extraction of Efficient Imperative Programs with Foreign Functions, Manually Managed Memory, and Proofs. In IJCAR (LNCS, Vol. 12167). Springer, 119–137. https://doi.org/10.1007/978-3-030-51054-1_7 Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Nadia Polikarpova and Ilya Sergey. 2019. Structuring the Synthesis of Heap-Manipulating Programs. PACMPL, 3, POPL (2019), 72:1–72:30. https://doi.org/10.1145/3290385 Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. John C. Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In LICS. IEEE Computer Society, 55–74. https://doi.org/10.1109/LICS.2002.1029817 Google ScholarGoogle Scholar
  48. Reuben N. S. Rowe and James Brotherston. 2017. Automatic cyclic termination proofs for recursive procedures in separation logic. In CPP. ACM, 53–65. https://doi.org/10.1145/3018610.3018623 Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Ilya Sergey. 2014. Programs and Proofs: Mechanizing Mathematics with Dependent Types. https://doi.org/10.5281/zenodo.4996238 Lecture notes with exercises. Google ScholarGoogle ScholarCross RefCross Ref
  50. Christian Skalka, John Ring, David Darais, Minseok Kwon, Sahil Gupta, Kyle Diller, Steffen Smolka, and Nate Foster. 2019. Proof-Carrying Network Code. In CCS. ACM, 1115–1129. https://doi.org/10.1145/3319535.3363214 Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Matthieu Sozeau. 2009. A New Look at Generalized Rewriting in Type Theory. J. Formaliz. Reason., 2, 1 (2009), 41–62. https://doi.org/10.6092/issn.1972-5787/1574 Google ScholarGoogle ScholarCross RefCross Ref
  52. Yasunari Watanabe. 2021. A Framework for Certified Program Synthesis. Master’s thesis. National University of Singapore.Google ScholarGoogle Scholar
  53. Yasunari Watanabe, Kiran Gopinathan, George Pîrlea, Nadia Polikarpova, and Ilya Sergey. 2021. Certified (ICFP 2021 Artifact): Code and Benchmarks. https://doi.org/10.5281/zenodo.5005829 Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. Eran Yahav. 2020. "A synthesizer is a compiler that doesn’t work". https://twitter.com/IsilDillig/status/1287125716761542656 Attributed to Eran Yahav by Işil Dillig in a tweet on July 26, 2020.Google ScholarGoogle Scholar

Index Terms

  1. Certifying the synthesis of heap-manipulating programs

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!