VCC [2] is an industrial-strength verification environment for low-level concurrent systems code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. VCC's verification methodology [4] allows global two-state invariants that restrict updates of shared state, and it enforces simple, semantic conditions that suffice for checking those global invariants modularly. VCC works by translating C, via the Boogie [1] intermediate verification language, into verification conditions that are discharged by the Z3 [5] SMT solver.
The environment includes tools for monitoring proof attempts and for constructing partial counterexample executions for failed proofs. It has been used to verify the functional correctness of tens of thousands of lines of Microsoft's Hyper-V virtualization platform and of SYSGO's embedded real-time operating system PikeOS.
In this talk, I am going to showcase the various tools that come with VCC: the verifier itself, the VCC Visual Studio plugin, and the Boogie Verification Debugger. I am going to cover the basics of VCC's verification methodology on various examples: concurrency primitives, lock-free data structures, and recursive data structures.
The sources and binaries of VCC are available for non-commercial use at http://vcc.codeplex.com/. A tutorial [3] is also provided. VCC can also be tried online at http://rise4fun.com/Vcc.
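As an added illustration (not from the talk or the VCC distribution) of the annotation kinds the abstract names, here are a function contract, a state assertion, and a two-state type invariant written in VCC's `_(...)` syntax on ordinary C. The `Counter`, `increment` and `at` names are made up for this example, and the `_(...)` macro is defined away when `VERIFY` is not set, as VCC's own `vcc.h` does, so the file also builds and runs with a plain C compiler.

```c
#include <limits.h>
#include <stddef.h>

/* Outside the verifier the annotation macro expands to nothing, so the
 * annotated source is still plain C (VCC's vcc.h takes the same approach). */
#ifndef VERIFY
#define _(...)
#endif

/* Type invariant that is two-state: \old(count) is the field's value before
 * an update, so the invariant states that the counter can only grow. */
typedef struct _Counter {
    unsigned count;
    _(invariant \old(count) <= count)
} Counter;

/* Function contract: the precondition rules out unsigned overflow, the
 * object stays \wrapped (owned by the caller with its invariant holding),
 * and only *c may be written. VCC re-checks the invariant when the
 * _(unwrapping) block ends, which is where the two-state check happens. */
int increment(Counter *c)
    _(requires c->count < UINT_MAX)
    _(maintains \wrapped(c))
    _(writes c)
    _(ensures c->count == \old(c->count) + 1)
    _(ensures \result == 0)
{
    _(unwrapping c) {
        c->count++;
    }
    return 0;
}

/* Contract-based bounds checking: the read is only verified when the caller
 * proves the index is in range and the array is thread-local (no data race). */
unsigned at(unsigned *buf, size_t len, size_t i)
    _(requires \thread_local_array(buf, len))
    _(requires i < len)
    _(ensures \result == buf[i])
{
    _(assert i < len)   /* state assertion discharged by the verifier */
    return buf[i];
}
```

Run through VCC (`vcc file.c`) the annotations are checked; compiled normally they vanish and the functions behave as the unannotated C.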
[1] Wolfram Schulte et al. Verifying Concurrent C Programs with VCC, 2010.
[2] Wolfram Schulte et al. Local Verification of Global Invariants in Concurrent Programs, CAV 2010.
[3] Mark A. Hillebrand et al. VCC: A Practical System for Verifying Concurrent C, TPHOLs 2009.
[4] Bor-Yuh Evan Chang et al. Boogie: A Modular Reusable Verifier for Object-Oriented Programs, FMCO 2005.
[5] Frank D. Valencia et al. Formal Methods for Components and Objects, Lecture Notes in Computer Science, 2002.
[6] Nikolaj Bjørner et al. Z3: An Efficient SMT Solver, TACAS 2008.
[7] Rajeev Alur et al. A Temporal Logic of Nested Calls and Returns, TACAS 2004.
[8] David Aspinall et al. Formalising Java's Data Race Free Guarantee, TPHOLs 2007.