Results 1-10 of 16
VCC: A practical system for verifying concurrent C
In Conf. Theorem Proving in Higher Order Logics (TPHOLs), volume 5674 of LNCS
Cited by 153 (21 self)
Abstract
VCC is an industrial-strength verification environment for low-level concurrent system code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. It includes tools for monitoring proof attempts and constructing partial counterexample executions for failed proofs. This paper motivates VCC, describes our verification methodology, describes the architecture of VCC, and reports on our experience using VCC to verify the Microsoft Hyper-V hypervisor.
Natural Proofs for Structure, Data, and Separation
Cited by 11 (3 self)
Abstract
We propose natural proofs for reasoning with programs that manipulate data structures against specifications that describe the structure of the heap, the data stored within it, and separation and framing of substructures. Natural proofs are a subclass of proofs that are amenable to completely automated reasoning, that provide sound but incomplete procedures, and that capture common reasoning tactics in program verification. We develop a dialect of separation logic over heaps, called Dryad, with recursive definitions that avoids explicit quantification. We develop ways to reason with heaplets using classical logic over the theory of sets, and develop natural proofs for reasoning using proof tactics involving disciplined unfoldings and formula abstractions. Natural proofs are encoded into decidable theories of first-order logic so as to be discharged using SMT solvers. We also implement the technique and show that a large class of more than 100 correct programs that manipulate data structures are amenable to full functional correctness using the proposed natural proof method. These programs are drawn from a variety of sources including standard data structures, the Schorr-Waite algorithm for garbage collection, a large number of low-level C routines from the Glib library and OpenBSD library, the Linux kernel, and routines from a secure verified OS-browser project. Our work is the first that we know of that can handle such a wide range of full functional verification properties of heaps automatically, given pre/post and loop invariant annotations. We believe that this work paves the way for deductive verification technology to be used by programmers who do not (and need not) understand the internals of the underlying logic solvers, significantly increasing their applicability in building reliable systems.
A theory of C-style memory allocation
In: Proc. SMT
Cited by 6 (6 self)
Abstract
This paper introduces the theory TH for reasoning about the correctness of memory access operations in the context of a C-style heap memory. The proposed approach makes a clear distinction between reasoning about the values stored in memory and checking whether access to a specific memory location is allowed. The theory provides support for malloc and free and is presented in the form of axioms that can be converted into conditional rewrite rules. It is also shown how TH can be used in a bounded model checker for C programs.
Constraint-based Program Reasoning with Heaps and Separation
Cited by 6 (1 self)
Abstract
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. We use H to build an extension of Hoare Logic for reasoning over heap manipulating programs using (constraint-based) symbolic execution. We present a sound and complete algorithm for solving quantifier-free (QF) H-formulae based on heap element propagation. An implementation of the H-solver has been integrated into a Satisfiability Modulo Theories (SMT) framework. We experimentally evaluate the implementation against Verification Conditions (VCs) generated from symbolic execution of large (heap manipulating) programs. In particular, we mitigate the path explosion problem using subsumption via interpolation – made possible by the constraint-based encoding.
A Constraint Solver for Heaps with Separation
Cited by 4 (4 self)
Abstract
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. The motivation behind H is reasoning over heap manipulating programs using constraint-based symbolic execution. For this we present a modest extension of Hoare Logic that inherits many of the benefits from Separation Logic, such as local reasoning, but encodes heap operations as H-formulae. Next we present a sound and complete solving algorithm for quantifier-free H-formulae, and an implementation that has been integrated into a Satisfiability Modulo Theories (SMT) framework. We experimentally evaluate the implementation against Verification Conditions (VCs) generated from symbolic execution of large programs. In particular, we mitigate the path explosion problem using subsumption via interpolation.
A Primer on Separation Logic (and Automatic Program Verification and Analysis)
Cited by 1 (0 self)
Abstract
These are the notes to accompany a course at the Marktoberdorf PhD summer school in 2011. The course consists of an introduction to separation logic, with a slant towards its use in automatic program verification and analysis.
Safe Asynchronous Multicore Memory Operations
Cited by 1 (0 self)
Abstract
Asynchronous memory operations provide a means for coping with the memory wall problem in multicore processors, and are available in many platforms and languages, e.g., the Cell Broadband Engine, CUDA and OpenCL. Reasoning about the correct usage of such operations involves complex analysis of memory accesses to check for races. We present a method and tool for proving memory safety and race freedom of multicore programs that use asynchronous memory operations. Our approach uses separation logic with permissions, and our tool automates this method, targeting a C-like core language. We describe our solutions to several challenges that arose in the course of this research. These include: syntactic reasoning domains, and utilization of an SMT solver. We demonstrate the feasibility of our approach experimentally by checking absence of DMA races on a set of programs drawn from the IBM Cell SDK.
Index Terms: Software verification; Concurrent programs; Abstract interpretation; Automated theorem proving
Proceedings of the 9th International Workshop on Satisfiability Modulo Theories (SMT) 2011, 2011