VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java

Jacobs, Bart; Smans, Jan; Philippaerts, Pieter; Vogels, Frédéric; Penninckx, Willem; Piessens, Frank

doi:10.1007/978-3-642-20398-5_4

Cited by 287 publications

(271 citation statements)

References 6 publications

Supporting

Mentioning

248

Contrasting

Order By: Relevance

“…To the best of our knowledge, our method so far is the only one that uses Dynamic Frames in the explicit form with permissions [1] and in this paper we have shown the necessary extensions and modifications to the Java Dynamic Logic (JDL) used in the KeY verifier to build a fully functional verification system for this combination. The existing approaches to (fractional) permissionbased reasoning with functional tools are based on Separation Logic (SL) [2] or Implicit Dynamic Frames (IDF) [4], e.g., our own VerCors toolset [5,18], VeriFast [25], Silicon [26], or Chalice [3].…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic Frames Based Verification Method for Concurrent Java Programs

Mostowski

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper we discuss a verification method for concurrent Java programs based on the concept of dynamic frames. We build on our earlier work that proposes a new, symbolic permission system for concurrent reasoning and we provide the following new contributions. First, we describe our approach for proving program specifications to be self-framed w.r.t. permissions, which is a necessary condition to maintain soundness in concurrent reasoning. Second, we show how we use predicates to provide modular and reusable specifications for program synchronisation points, like locks or forked threads. Our work primarily targets the KeY verification system with its specification language JML * and symbolic execution proving method. Hence, we also give the current status of the work on implementation and we discuss some examples that are verifiable with KeY.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Our client code (ls. [24][25] specifies that in the locked state it holds a complete write permission to val, while in the unlocked state it holds no permission at all. Note that in this case these two are not the binary opposites of each other, hence the need for the locked parameter in status.…”

Section: Modular Specifications For Synchronisersmentioning

confidence: 99%

Dynamic Frames Based Verification Method for Concurrent Java Programs

Mostowski

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…ProB [23] is an animator and model checker for B specifications that can detect deadlocks and invariant violations. The Verifast tool [24] provides support for verifying fractional permissions in a similar fashion to Plural. Validating temporal properties of software has been proposed in [25] and applied to Windows NT drivers.…”

Section: Related Workmentioning

confidence: 99%

A case study on the lightweight verification of a multi-threaded task server

Cataño

Ahmed²,

Siminiceanu

et al. 2014

Science of Computer Programming

View full text Add to dashboard Cite

We present a case study of verifying the design of a commercial multi-threaded task server (MTTS), developed by the Novabase company, used for massively parallelising computational tasks. In a first stage, we employed the Plural tool, which is designed to perform lightweight verification of Java programs using a Data Flow Analysis (DFA) framework, to specify and verify the MTTS. We wrote the Plural specification for the MTTS based on the code developed by Novabase, its informal documentation, and our discussions with Novabase engineers, who validated our understanding of the MTTS application. The Plural specification language is based on typestates and access permissions. In a second stage, we developed the Pulse tool that enhances the analysis performed by Plural, and used the tool on the MTTS specifications. Pulse translates Plural specifications into an abstract state-machine model that captures the semantics of all the possible concurrent programs implementing the given specifications, and uses the evmdd-smc symbolic model-checker to verify the machine model. The experimental results on the MTTS specification show that the exhaustive model-checking approach scales reasonably well and is efficient at finding errors in specifications that were not previously detected with the Data Flow Analysis (DFA) capabilities of Plural.

show abstract

“…These connectives support modularity, though they complicate proof theory (they cannot be axiomatized [15]). Tools that support separation logic for static verification of programs include: VeriFAST [42], jStar [26], Slayer [11] and Smallfoot [10].…”

Section: Context-free Grammarsmentioning

confidence: 99%

Combining Monitoring with Run-Time Assertion Checking

Boer

Gouw

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. According to a study in 2002 commisioned by a US Department, software bugs annually costs the US economy an estimated $59 billion 1 . A more recent study in 2013 by Cambridge University estimated that the global cost has risen to $312 billion globally 2 .There exists various ways to prevent, isolate and fix software bugs, ranging from lightweight methods that are (semi)-automatic, to heavyweight methods that require significant user interaction. Our own method described in this tutorial is based on automated run-time checking of a combination of protocol-and data-oriented properties of object-oriented programs. Run-Time Checking of Object-Oriented ProgramsGiven a program and a specification, a run-time verifier inserts checks in the code that determine whether the specification is satisfied. The checks are triggered during an actual execution of the program. In contrast to static verification, where properties are checked with respect to all executions (possibly there are infinitely many), run-time checkers only consider a single execution of the program. There is a wide range of specification languages used in run-time verification. They can be partitioned into two categories: languages that focus on the control-flow (these approaches are also called "monitoring"), and those focussing on data-flow.As an example, one can use regular expressions to specify the order in which functions or methods in a program should be called [18]. Such specifications describe the control-flow of the program. Other formalisms for specifying controlflow are temporal logics, various kinds of automata and context-free grammars. For these formalisms, checking whether a given property holds of the current execution involves parsing a word (where the word is some representation of the trace of method calls in the current execution) in an automata. Generally only formalisms are chosen with a decidable parsing problem (in particular, this is the case for regular expressions, context-free grammars and most automata), so Approaches that specify data-flow usually do so by annotating the source code with assertions: logical formulas that must be true whenever control passes them. The formulas constrain the values of the program variables. If assertions are expressed in first-order logic with arithmetic, it is in general undecidable due to unbounded quantification (i.e. ranging over an infinite number of values) whether the assertion is true, thus usually the assertions are restricted in some way. For instance, Java contains an assert-statement which restricts to quantifier-free formulas (i.e. Boolean expressions). Design by Contract [53] provides a systematic way of using assertions to specify classes, interfaces and methods with respectively class invariants and pre-and postconditions. It was first used in the programming language Eiffel, and subsequently has also been applied to many other programming languages. For example, JML [14] is one of the most popular specification languages for Java and supports Design by Contract. JML...

show abstract

VeriFast: A Powerful, Sound, Predictable, Fast Verifier for C and Java

Cited by 287 publications

References 6 publications

Dynamic Frames Based Verification Method for Concurrent Java Programs

Dynamic Frames Based Verification Method for Concurrent Java Programs

A case study on the lightweight verification of a multi-threaded task server

Combining Monitoring with Run-Time Assertion Checking

Contact Info

Product

Resources

About