Program Verification by Coinduction

Moore, B.; Peña, Lucas; Roşu, Grigore

doi:10.1007/978-3-319-89884-1_21

Cited by 15 publications

(19 citation statements)

References 44 publications

(58 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another feature that distinguishes us from existing works (with the only notable exception of [16]) is that our approach is completely based on Coq's interactive theorem proving, whereas our colleagues sometimes prove the soundness of their RL proof systems in Coq [9,17], but afterwards leave the Coq environment and implement their proof systems as automatic program verifiers. Thus, verification in our case is less automatic, but it is more trustworthy 1 .…”

Section: Introductionmentioning

confidence: 99%

Proving partial-correctness and invariance properties of transition-system models

Rusu

Grimaud

Hauspie

2020

Science of Computer Programming

View full text Add to dashboard Cite

We propose an approach for proving partial-correctness and invariance properties of transition systems, and illustrate it on a model of a security hypervisor. Regarding partial correctness, we generalise the recently introduced formalism of Reachability Logic, currently used as a language-parametric logic for programs, to transition systems. We propose a coinductive proof system for the resulting logic, which can be seen as performing an "infinite symbolic execution" of the transition-system model under verification. We embed the proof system in the Coq proof assistant and formally prove its soundness and completeness. The soundness result provides us with a Coq-certified Reachability-Logic prover for transition-system models. The completeness result, although more theoretical in nature, also has a practical value, as it suggests a proof strategy that is able to deal with all valid formulas on a given transition system. The complete proof strategy reduces partial correctness to invariance. For the latter we propose an incremental verification technique for dealing with the case-explosion problem that is known to affect it. All these combined techniques were instrumental in enabling us to prove, within reasonable time and effort limits, that the nontrivial algorithm implemented in a simple hypervisor that we designed in earlier work meets its expected functional requirements.

show abstract

Section: Introductionmentioning

confidence: 99%

Proving partial-correctness and invariance properties of transition-system models

Rusu

Grimaud

Hauspie

2020

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…MatchC also uses the formalism of Reachability Logic for program specifications; the MatchC tool implementation, is, however, dedicated to a subset of C. The main difference with our approach is that we emphasise on bridging the gap between theory and implementation (from an initial, abstract definition of symbolic execution to its extension for program verification, then to its encoding by rewriting and finally to its implementation in code), whereas in the MatchC tool it does not focus on intermediary steps between theory (a language-independent deductive system) and code implementing it for a subset of C. The same comparison holds between our approach and [13], in which a deductive system for a different version of RL is implemented for verifying programs written in a specific language. Since our approach of symbolic execution is founded on coinduction, it can also be seen as a bridge between the pure coinductive program verification techniques [30] and verification techniques based on operational semantics [13,40]. Java PathFinder [32] is a complex symbolic execution tool which uses a model checker to explore different symbolic execution paths.…”

Section: Introductionmentioning

confidence: 99%

A generic framework for symbolic execution: A coinductive approach

Lucanu

Rusu

Arusoaie

2017

Journal of Symbolic Computation

View full text Add to dashboard Cite

We propose a language-independent symbolic execution framework. The approach is parameterised by a language definition, which consists of a signature for the syntax and execution infrastructure of the language, a model interpreting the signature, and rewrite rules for the language's operational semantics. Then, symbolic execution amounts to computing symbolic paths using a derivative operation. We prove that the symbolic execution thus defined has the properties naturally expected from it, meaning that the feasible symbolic executions of a program and the concrete executions of the same program mutually simulate each other. We also show how a coinduction-based extension of symbolic execution can be used for the deductive verification of programs. We show how the proposed symbolic-execution approach, and the coinductive verification technique based on it, can be seamlessly implemented in language definition frameworks based on rewriting such as the K framework. A prototype implementation of our approach has been developed in K. We illustrate it on the symbolic analysis and deductive verification of nontrivial programs.

show abstract

“…Last but not least, the Coq formalisation provides us with a certified program-verification procedure. Its use in practice depends on the availability in Coq of RL-based semantics for languages; such an effort is already underway in the K team [10].…”

Section: Introductionmentioning

confidence: 99%

A Certified Procedure for RL Verification

Arusoaie¹,

Nowak²,

Rusu³

et al. 2017

2017 19th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)

View full text Add to dashboard Cite

Proving programs correct is hard. During the last decades computer scientists developed various logics dedicated to program verification. One such effort is Reachability Logic (RL): a language-parametric generalisation of Hoare Logic. Recently, based on RL, an automatic verification procedure was given and proved sound. In this paper we generalise this procedure and prove its soundness formally in the Coq proof assistant. For the formalisation we had to deal with all the minutiae that were neglected in the paper proof (i.e., an insufficient assumption, implicit hypotheses, and a missing case in the paper proof). The Coq formalisation provides us with a certified programverification procedure.

show abstract

Program Verification by Coinduction

Cited by 15 publications

References 44 publications

Proving partial-correctness and invariance properties of transition-system models

Proving partial-correctness and invariance properties of transition-system models

A generic framework for symbolic execution: A coinductive approach

A Certified Procedure for RL Verification

Contact Info

Product

Resources

About