Dependency Analysis of Functional Specifications with Algebraic Data Structures

Andreescu, Oana Fabiana; Jensen, Thomas; Lescuyer, Stéphane

doi:10.1007/978-3-319-25423-4_8

Cited by 5 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The procedure computes a correlation for f , which gives an upper bound of f 's effect. Then, it runs a dependency analysis [Andreescu et al 2015] for P, which gives a relation on states that preserves P. Finally, the procedure performs an inclusion test between the two relations using ⊑, to check that the changes performed by f preserve P. We considered the 28 system calls of ProvenCore and its 50 invariants (Fig. 17).…”

Section: Resultsmentioning

confidence: 99%

“…We present a general-purpose static dataflow analysis [Nielson et al 2010] for identifying equalities between parts of the input and output states, for programs written in a language used in the ProvenCore [Lescuyer 2015] development. ProvenCore is a project whose goal is the formal verification of a micro-kernel, starting from a high-level functional specification and refining it to an efficient implementation, that is eventually compiled to C. Starting from a set of atomic equality relations between basic values, we construct the abstract domain of correlations that describes relations between complex data-structures, including records, variants and arrays.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Inferring frame conditions with static correlation analysis

Andreescu

Jensen

Lescuyer³

et al. 2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

We introduce the abstract domain of correlations to denote equality relations between parts of inputs and outputs of programs. We formalise the theory of correlations, and mechanically verify their semantic properties. We design a static inter-procedural dataflow analysis for automatically inferring correlations for programs written in a first-order language equipped with algebraic data-types and arrays. The analysis, its precision and execution cost, have been evaluated on the code and functional specification of an industrial-size micro-kernel. We exploit the inferred correlations to automatically discharge two thirds of the proof obligations related to the preservation of invariants for this micro-kernel. Inferring Frame Conditions with Static Correlation Analysis 47:3 type state = / / States { procs: procs; / / the table of processes sched: sched } / / the scheduler s t a t e type procs = / / Process table array> type proc = / / Process descriptor { nr: int; / / process index regs: regs; / / r e g i s t e r s exe_name: string; / / name of executable ipc_status: ipc_status } / / IPC status type regs = / / Registers { r0: int; r1: int; r2: int; r3: int } type ipc_status = / / Process IPC statuses | Ready / / ready to run | Sleeping / / sleeping process | Sending (int dst)/ / blocked sending | Receiving (int src) / / blocked re ceiving type option = | Some (A x) | None type bool = | T | F type sched / / Scheduler s t a t e ( i m p l i c i t ) Fig. 1. Type definitions for the state of a minimalist OS.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Inferring frame conditions with static correlation analysis

Andreescu

Jensen

Lescuyer³

et al. 2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The properties they can verify are very expressive, but they do not scale to large programs like transformations. Possible constructor analysis [6] has been used to calculate the actual dependencies of a predicate and make flow-sensitive analyses more precise. This analysis works with complex data-types and arrays, but only captures the prefix of the target structures.…”

Section: Related Workmentioning

confidence: 99%

Verification of high-level transformations with inductive refinement types

et al. 2020

View full text Add to dashboard Cite

High-level transformation languages like Rascal include expressive features for manipulating large abstract syntax trees: first-class traversals, expressive pattern matching, backtracking and generalized iterators. We present the design and implementation of an abstract interpretation tool, Rabit, for verifying inductive type and shape properties for transformations written in such languages. We describe how to perform abstract interpretation based on operational semantics, specifically focusing on the challenges arising when analyzing the expressive traversals and pattern matching. Finally, we evaluate Rabit on a series of transformations (normalization, desugaring, refactoring, code generators, type inference, etc.) showing that we can effectively verify stated properties.

show abstract

“…The exact techniques employed are not very scalable, and encoding a complex 5 We only learned about this related work at a late stage transformation directly would not finish verifying even simple properties within reasonable time. Possible constructor analysis [5] has been used to calculate the actual dependencies of a predicate and make flow-sensitive analyses more precise. This is a type of shape analysis that works with complex data-types and arrays, but only captures the prefix of the target structures.…”

Section: Related Workmentioning

confidence: 99%