Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
126 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Towards Trustworthy Automated Program Verifiers: Formally Validating Translations into an Intermediate Verification Language (extended version) (2404.03614v2)

Published 4 Apr 2024 in cs.PL

Abstract: Automated program verifiers are typically implemented using an intermediate verification language (IVL), such as Boogie or Why3. A verifier front-end translates the input program and specification into an IVL program, while the back-end generates proof obligations for the IVL program and employs an SMT solver to discharge them. Soundness of such verifiers therefore requires that the front-end translation faithfully captures the semantics of the input program and specification in the IVL program, and that the back-end reports success only if the IVL program is actually correct. For a verification tool to be trustworthy, these soundness conditions must be satisfied by its actual implementation, not just the program logic it uses. In this paper, we present a novel validation methodology that, given a formal semantics for the input language and IVL, provides formal soundness guarantees for front-end implementations. For each run of the verifier, we automatically generate a proof in Isabelle showing that the correctness of the produced IVL program implies the correctness of the input program. This proof can be checked independently from the verifier, in Isabelle, and can be combined with existing work on validating back-ends to obtain an end-to-end soundness result. Our methodology based on forward simulation employs several modularisation strategies to handle the large semantic gap between the input language and the IVL, as well as the intricacies of practical, optimised translations. We present our methodology for the widely-used Viper and Boogie languages. Our evaluation shows that it is effective in validating the translations performed by the existing Viper implementation.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (46)
  1. Andrew W. Appel and Sandrine Blazy. 2007. Separation Logic for Small-Step cminor. In Theorem Proving in Higher Order Logics, 20th International Conference, TPHOLs 2007, Kaiserslautern, Germany, September 10-13, 2007, Proceedings (Lecture Notes in Computer Science, Vol. 4732), Klaus Schneider and Jens Brandt (Eds.). Springer, 5–21. https://doi.org/10.1007/978-3-540-74591-4_3
  2. Leveraging Rust Types for Modular Specification and Verification. Proc. ACM Program. Lang. 3, OOPSLA, Article 147, 30 pages. https://doi.org/10.1145/3360573
  3. Automatically Verifying Typing Constraints for a Data Processing Language. In Certified Programs and Proofs (CPP), Jean-Pierre Jouannaud and Zhong Shao (Eds.). https://doi.org/10.1007/978-3-642-25379-9_22
  4. The VerCors Tool Set: Verification of Parallel and Concurrent Software. In Integrated Formal Methods (IFM), Nadia Polikarpova and Steve Schneider (Eds.). https://doi.org/10.1007/978-3-319-66845-1_7
  5. Sascha Böhme and Tjark Weber. 2010. Fast LCF-Style Proof Reconstruction for Z3. In Interactive Theorem Proving (ITP), Matt Kaufmann and Lawrence C. Paulson (Eds.). https://doi.org/10.1007/978-3-642-14052-5_14
  6. John Boyland. 2003. Checking Interference with Fractional Permissions. In Static Analysis (SAS), Radhia Cousot (Ed.). 55–72. https://doi.org/10.1007/3-540-44898-5_4
  7. SMACK software verification toolchain. In Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Austin, TX, USA, May 14-22, 2016 - Companion Volume, Laura K. Dillon, Willem Visser, and Laurie A. Williams (Eds.). ACM, 589–592. https://doi.org/10.1145/2889160.2889163
  8. Secure Microkernels, State Monads and Scalable Refinement. In Theorem Proving in Higher Order Logics (TPHOLS), Otmane Aït Mohamed, César A. Muñoz, and Sofiène Tahar (Eds.). https://doi.org/10.1007/978-3-540-71067-7_16
  9. Joshua M. Cohen and Philip Johnson-Freyd. 2024. A Formalization of Core Why3 in Coq. Proc. ACM Program. Lang. 8, POPL, Article 60 (jan 2024), 30 pages. https://doi.org/10.1145/3632902
  10. Creusot: A Foundry for the Deductive Verification of Rust Programs. In International Conference on Formal Engineering Methods (ICFEM), Adrián Riesco and Min Zhang (Eds.), Vol. 13478. 90–105. https://doi.org/10.1007/978-3-031-17244-1_6
  11. Boogie developers. 2022. Monomorphization of polymorphic maps and binders. https://github.com/boogie-org/boogie/pull/669 Accessed March 19, 2024.
  12. Gradual C0: Symbolic Execution for Efficient Gradual Verification. CoRR abs/2210.02428 (2022). https://doi.org/10.48550/ARXIV.2210.02428 arXiv:2210.02428
  13. Marco Eilers and Peter Müller. 2018. Nagini: A Static Verifier for Python. In Computer Aided Verification (CAV), Hana Chockler and Georg Weissenbacher (Eds.). https://doi.org/10.1007/978-3-319-96145-3_33
  14. Modular Product Programs. In European Symposium on Programming (ESOP), Amal Ahmed (Ed.). https://doi.org/10.1007/978-3-319-89884-1_18
  15. SMTCoq: A Plug-In for Integrating SMT Solvers into Coq. In Computer Aided Verification (CAV), Rupak Majumdar and Viktor Kuncak (Eds.). https://doi.org/10.1007/978-3-319-63390-9_7
  16. Jean-Christophe Filliâtre and Andrei Paskevich. 2013. Why3 — Where Programs Meet Provers. In European Symposium on Programming (ESOP), Matthias Felleisen and Philippa Gardner (Eds.). https://doi.org/10.1007/978-3-642-37036-6_8
  17. Mathias Fleury and Hans-Jörg Schurr. 2019. Reconstructing veriT Proofs in Isabelle/HOL. In Workshop on Proof eXchange for Theorem Proving (PxTP), Giselle Reis and Haniel Barbosa (Eds.). https://doi.org/10.4204/EPTCS.301.6
  18. Quentin Garchery. 2021. A Framework for Proof-carrying Logical Transformations. In Workshop on Proof eXchange for Theorem Proving (PxTP), Chantal Keller and Mathias Fleury (Eds.). https://doi.org/10.4204/EPTCS.336.2
  19. Formally Verifying Optimizations with Block Simulations. Proc. ACM Program. Lang. 7, OOPSLA2, Article 224 (oct 2023), 30 pages. https://doi.org/10.1145/3622799
  20. Paolo Herms. 2013. Certification of a Tool Chain for Deductive Program Verification. (Certification d’une chaine de vérification déductive de programmes). Ph. D. Dissertation. University of Paris-Sud, Orsay, France. https://tel.archives-ouvertes.fr/tel-00789543
  21. Ioannis T. Kassios. 2006. Dynamic Frames: Support for Framing, Dependencies and Sharing Without Restrictions. In Formal Methods (FM), Jayadev Misra, Tobias Nipkow, and Emil Sekerinski (Eds.). https://doi.org/10.1007/11813040_19
  22. Frama-C: A software analysis perspective. Formal Aspects of Computing 27, 3 (2015), 573–609. https://doi.org/10.1007/s00165-014-0326-7
  23. Refinement in the Formal Verification of the seL4 Microkernel. In Design and Verification of Microprocessor Systems for High-Assurance Applications, David S. Hardin (Ed.). Springer, 323–339. https://doi.org/10.1007/978-1-4419-1539-9_11
  24. SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs. In Computer Aided Verification - 24th International Conference, CAV 2012, Berkeley, CA, USA, July 7-13, 2012 Proceedings (Lecture Notes in Computer Science, Vol. 7358), P. Madhusudan and Sanjit A. Seshia (Eds.). Springer, 712–717. https://doi.org/10.1007/978-3-642-31424-7_54
  25. Akash Lal and Shaz Qadeer. 2014. Powering the static driver verifier using corral. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, (FSE-22), Hong Kong, China, November 16 - 22, 2014, Shing-Chi Cheung, Alessandro Orso, and Margaret-Anne D. Storey (Eds.). ACM, 202–212. https://doi.org/10.1145/2635868.2635894
  26. Hermann Lehner and Peter Müller. 2007. Formal Translation of Bytecode into BoogiePL. Electronic Notes in Theoretical Computer Science 190, 1 (2007), 35–50. https://doi.org/10.1016/j.entcs.2007.02.059 Workshop on Bytecode Semantics, Verification, Analysis and Transformation (Bytecode 2007).
  27. K. Rustan M. Leino. 2008. This is Boogie 2. (2008). Available from http://research.microsoft.com/en-us/um/people/leino/papers/krml178.pdf.
  28. K. Rustan M. Leino. 2010. Dafny: An Automatic Program Verifier for Functional Correctness. In Logic for Programming, Artificial Intelligence, and Reasoning (LPAR), Edmund M. Clarke and Andrei Voronkov (Eds.). https://doi.org/10.1007/978-3-642-17511-4_20
  29. K. Rustan M. Leino and Philipp Rümmer. 2010. A Polymorphic Intermediate Verification Language: Design and Logical Encoding. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Javier Esparza and Rupak Majumdar (Eds.). https://doi.org/10.1007/978-3-642-12002-2_26
  30. Generating Proof Certificates for a Language-Agnostic Deductive Program Verifier. Proc. ACM Program. Lang. 7, OOPSLA1 (2023), 56–84. https://doi.org/10.1145/3586029
  31. Nancy A. Lynch and Frits W. Vaandrager. 1995. Forward and Backward Simulations: I. Untimed Systems. Inf. Comput. 121, 2 (1995), 214–233. https://doi.org/10.1006/inco.1995.1134
  32. Claude Marché and Yannick Moy. 2018. The Jessie plugin for Deductive Verification in Frama-C. http://krakatoa.lri.fr/jessie.pdf
  33. Viper: A Verification Infrastructure for Permission-Based Reasoning. In Verification, Model Checking, and Abstract Interpretation (VMCAI), Barbara Jobstmann and K. Rustan M. Leino (Eds.). https://doi.org/10.1007/978-3-662-49122-5_2
  34. Isabelle/HOL - A Proof Assistant for Higher-Order Logic. Lecture Notes in Computer Science, Vol. 2283. Springer. https://doi.org/10.1007/3-540-45949-9
  35. Matthew J. Parkinson and Alexander J. Summers. 2012. The Relationship Between Separation Logic and Implicit Dynamic Frames. Logical Methods in Computer Science 8, 3:01 (2012), 1–54. https://doi.org/10.2168/LMCS-8(3:1)2012
  36. Towards Trustworthy Automated Program Verifiers: Formally Validating Translations into an Intermediate Verification Language – Artifact. https://doi.org/10.5281/zenodo.10802175
  37. Formally Validating a Practical Verification Condition Generator. In Computer Aided Verification (CAV) (LNCS, Vol. 12760), Alexandra Silva and K. Rustan M. Leino (Eds.). 704–727. https://doi.org/10.1007/978-3-030-81688-9_33
  38. A Framework for the Automatic Formal Verification of Refinement from Cogent to C.. In Interactive Theorem Proving (ITP), Jasmin Christian Blanchette and Stephan Merz (Eds.). https://doi.org/10.1007/978-3-319-43144-4_20
  39. Implicit Dynamic Frames. Transactions on Programming Languages and Systems (TOPLAS) 34, 1, Article 2 (May 2012), 58 pages. https://doi.org/10.1145/2160910.2160911
  40. Jean-Baptiste Tristan and Xavier Leroy. 2008. Formal verification of translation validators: a case study on instruction scheduling optimizations. In Principles of Programming Languages (POPL), George C. Necula and Philip Wadler (Eds.). https://doi.org/10.1145/1328438.1328444
  41. Jean-Baptiste Tristan and Xavier Leroy. 2009. Verified validation of lazy code motion. In Programming Language Design and Implementation (PLDI), Michael Hind and Amer Diwan (Eds.). https://doi.org/10.1145/1542476.1542512
  42. A Machine Checked Soundness Proof for an Intermediate Verification Language. In Theory and Practice of Computer Science, Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM) (Lecture Notes in Computer Science, Vol. 5404), Mogens Nielsen, Antonín Kucera, Peter Bro Miltersen, Catuscia Palamidessi, Petr Tuma, and Frank D. Valencia (Eds.). Springer, 570–581. https://doi.org/10.1007/978-3-540-95891-8_51
  43. Stefan Wils and Bart Jacobs. 2023. Certifying C program correctness with respect to CH2O with VeriFast. CoRR abs/2308.15567 (2023). https://doi.org/10.48550/ARXIV.2308.15567 arXiv:2308.15567
  44. Mind the Gap. In Theorem Proving in Higher Order Logics (TPHOLS), Stefan Berghofer, Tobias Nipkow, Christian Urban, and Makarius Wenzel (Eds.). https://doi.org/10.1007/978-3-642-03359-9_34
  45. Gobra: Modular Specification and Verification of Go Programs. In Computer Aided Verification (CAV), Alexandra Silva and K. Rustan M. Leino (Eds.). https://doi.org/10.1007/978-3-030-81685-8_17
  46. Sound Gradual Verification with Symbolic Execution. Proc. ACM Program. Lang. 8, POPL (2024), 2547–2576. https://doi.org/10.1145/3632927
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets