Results 1 
7 of
7
Natural Proofs for Asynchronous Programs using AlmostSynchronous Reductions
"... We consider the problem of provably verifying that an asynchronous messagepassing system satisfies its local assertions. We present a novel reduction scheme for asynchronous eventdriven programs that finds almostsynchronous invariants — invariants consisting of global states where message buf ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
We consider the problem of provably verifying that an asynchronous messagepassing system satisfies its local assertions. We present a novel reduction scheme for asynchronous eventdriven programs that finds almostsynchronous invariants — invariants consisting of global states where message buffers are close to empty. The reduction finds almostsynchronous invariants and simultaneously argues that they cover all local states. We show that asynchronous programs often have almostsynchronous invariants and that we can exploit this to build natural proofs that they are correct. We implement our reduction strategy, which is sound and complete, and show that it is more effective in proving programs correct as well as more efficient in finding bugs in several programs, compared to current search strategies which almost always diverge. The high point of our experiments is that our technique can prove the Windows Phone USB Driver written in P [9] correct for the responsiveness property, which was hitherto not provable using stateoftheart modelcheckers.
Automating proofs of datastructure properties in imperative programs
 CoRR
"... We consider the problem of automated reasoning about dynamically manipulated data structures. The stateoftheart methods are limited to the unfoldandmatch (U+M) paradigm, where predicates are transformed via (un)folding operations induced from their definitions before being treated as uninterp ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
We consider the problem of automated reasoning about dynamically manipulated data structures. The stateoftheart methods are limited to the unfoldandmatch (U+M) paradigm, where predicates are transformed via (un)folding operations induced from their definitions before being treated as uninterpreted. However, proof obligations from verifying programs with iterative loops and multiple function calls often do not succumb to this paradigm. Our contribution is a proof method which – beyond U+M – performs automatic formula rewriting by treating previously encountered obligations in each proof path as possible induction hypotheses. This enables us, for the first time, to systematically reason about a wide range of obligations, arising from practical program verification. We demonstrate the power of our proof rules on commonly used lemmas, thereby close the remaining gaps in existing stateoftheart systems. Another impact, probably more important, is that our method regains the power of compositional reasoning, and shows that the usage of userprovided lemmas is no longer needed for the existing set of benchmarks. This not only removes the burden of coming up with the appropriate lemmas, but also significantly boosts up the verification process, since lemma applications, coupled with unfolding, often induce very large search space. 1.
Disproving Inductive Entailments in Separation Logic via Base Pair Approximation
"... Abstract. We give a procedure for establishing the invalidity of logical entailments in the symbolic heap fragment of separation logic with userdefined inductive predicates, as used in program verification. This disproof procedure attempts to infer the existence of a countermodel to an entailment ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We give a procedure for establishing the invalidity of logical entailments in the symbolic heap fragment of separation logic with userdefined inductive predicates, as used in program verification. This disproof procedure attempts to infer the existence of a countermodel to an entailment by comparing computable model summaries, a.k.a. bases (modified from earlier work), of its antecedent and consequent. Our method is sound and terminating, but necessarily incomplete. Experiments with the implementation of our disproof procedure indicate that it can correctly identify a substantial proportion of the invalid entailments that arise in practice, at reasonably low time cost. Accordingly, it can be used, e.g., to improve the output of theorem provers by returning “no ” answers in addition to “yes ” and “unknown ” answers to entailment questions, and to speed up proof search or automated theory exploration by filtering out invalid entailments. 1
On Automated Lemma Generation for Separation Logic with Inductive Definitions?
"... Abstract. Separation Logic with inductive definitions is a wellknown approach for deductive verification of programs that manipulate dynamic data structures. Deciding verification conditions in this context is usually based on userprovided lemmas relating the inductive definitions. We propose a n ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Separation Logic with inductive definitions is a wellknown approach for deductive verification of programs that manipulate dynamic data structures. Deciding verification conditions in this context is usually based on userprovided lemmas relating the inductive definitions. We propose a novel approach for generating these lemmas automatically which is based on simple syntactic criteria and deterministic strategies for applying them. Our approach focuses on iterative programs, although it can be applied to recursive programs as well, and specifications that describe not only the shape of the data structures, but also their content or their size. Empirically, we find that our approach is powerful enough to deal with sophisticated benchmarks, e.g., iterative procedures for searching, inserting, or deleting elements in sorted lists, binary search tress, redblack trees, and AVL trees, in a very efficient way. 1
Abstractionguided Runtime Checking of Assertions on Lists
"... Abstract. We investigate ways to specify and check, at runtime, assertions that express properties of dynamically manipulated linkedlist data structures. Checking an assertion involving whether pointers point to a valid linked list and separation properties of these lists typically requires linea ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. We investigate ways to specify and check, at runtime, assertions that express properties of dynamically manipulated linkedlist data structures. Checking an assertion involving whether pointers point to a valid linked list and separation properties of these lists typically requires linear or even quadratic time on the size of the heap. Our main contribution is a way to scale this checking by orders of magnitude, using a novel idea called abstractionguided runtime checking, whereby we maintain an accurate abstraction of the dynamic heap by utilizing the evolving runtime state, and where the abstraction helps in checking the runtime assertions much faster. We develop this synergistic combination of abstractions and runtime checking for lists, listsegments, and their separation, implement it, and show the tremendous performance gains it yields. In particular, when lists are manipulated using library functions, maintenance of the abstraction is within the libraries and yields constant runtime checking of assertions in the client code. We show that, as the number of assertions get frequent and the data structures get large, abstractionguided runtime checking, which includes maintenance of the abstraction and the runtime checks, gives close to constanttime per assertion overhead in practice. 1
Certified Reasoning with Infinity
"... Abstract. We demonstrate how infinities improve the expressivity, power, readability, conciseness, and compositionality of a program logic. We prove that adding infinities to Presburger arithmetic enables these improvements without sacrificing decidability. We develop Omega++, a Coqcertified deci ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. We demonstrate how infinities improve the expressivity, power, readability, conciseness, and compositionality of a program logic. We prove that adding infinities to Presburger arithmetic enables these improvements without sacrificing decidability. We develop Omega++, a Coqcertified decision procedure for Presburger arithmetic with infinity and benchmark its performance. Both the program and proof of Omega++ are parameterized over userselected semantics for the indeterminate terms (such as 0 *∞). 1
act * AEC Model Checking for SymbolicHeap Separation Logic with Inductive Predicates
"... ns iste nt * Complete * W ell D ocumented*Easyto ..."
(Show Context)