Interactive Verification of Call-by-Value Functional Programs

A mechanized proof of total correctness enables one to verify a program with the utmost confidence. Yet setting up a methodology for reasoning formally about nontrivial code written in a general-purpose language has proved to be a highly challenging task. In this paper, we propose a framework for modular verification of purely functional code. By embedding the syntax and semantics of a call-by-value functional language in a proof assistant, we are able to specify programs through lemmas describing their big-step behaviour, and to verify programs through proofs of such lemmas. Our framework imposes no restriction on the code apart from its purity, and from a logical perspective it is as expressive as the theorem prover being used. The practical result of this work is a technology for proving total correctness of pure Caml programs using the Coq proof assistant. We have applied our approach to fully specify and verify OCaml’s list library as well as a bytecode compiler and interpreter for mini-ML.
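The approach sketched above, as an added illustration that is not code from the paper or from its Coq development: a deep embedding of a tiny call-by-value language (naturals, addition, de Bruijn variables, lambda, application) with environments and closures, a big-step evaluation relation over it, and a specification lemma for one concrete program proved against that relation. The language, the constructor names and the program `double` are assumptions made for this example; the paper's own embedding covers a far larger subset of Caml.

```coq
(* Added example: deep embedding of a small call-by-value language in Coq.
   The syntax, constructor names and the program below are assumptions
   for illustration, not the paper's embedding of Caml. *)
Require Import List Arith.

(* Syntax: variables are de Bruijn indices into an environment. *)
Inductive tm : Type :=
  | Const : nat -> tm
  | Plus  : tm -> tm -> tm
  | Var   : nat -> tm
  | Lam   : tm -> tm
  | App   : tm -> tm -> tm.

(* Values: numbers and closures capturing their defining environment. *)
Inductive val : Type :=
  | VNat  : nat -> val
  | VClos : list val -> tm -> val.

(* Big-step, call-by-value semantics: [eval E t v] means that term [t],
   evaluated in environment [E], terminates with value [v]. Because the
   relation is inductive, a derivation is finite, so proving that some
   [v] exists is a total-correctness statement (termination included). *)
Inductive eval : list val -> tm -> val -> Prop :=
  | E_Const : forall E n,
      eval E (Const n) (VNat n)
  | E_Var : forall E i v,
      nth_error E i = Some v ->
      eval E (Var i) v
  | E_Plus : forall E t1 t2 n1 n2,
      eval E t1 (VNat n1) ->
      eval E t2 (VNat n2) ->
      eval E (Plus t1 t2) (VNat (n1 + n2))
  | E_Lam : forall E t,
      eval E (Lam t) (VClos E t)
  | E_App : forall E t1 t2 E' body v2 v,
      eval E t1 (VClos E' body) ->   (* function position: a closure *)
      eval E t2 v2 ->                (* argument evaluated first (CBV) *)
      eval (v2 :: E') body v ->      (* body run in the closure's env *)
      eval E (App t1 t2) v.

(* The program under verification: fun x -> x + x, written in the
   embedded syntax. *)
Definition double : tm := Lam (Plus (Var 0) (Var 0)).

(* Specification as a lemma about big-step behaviour: applying [double]
   to any constant [n] terminates and returns [n + n], in any environment. *)
Lemma double_spec : forall E n,
  eval E (App double (Const n)) (VNat (n + n)).
Proof.
  intros E n.
  eapply E_App; [apply E_Lam | apply E_Const | ].
  apply E_Plus; apply E_Var; reflexivity.
Qed.
```

The shape of `double_spec` is the point: the specification is an ordinary Coq lemma about the `eval` relation, so anything expressible in the prover's logic can serve as a postcondition, and the proof script is the verification itself. One caveat a practitioner should keep in mind is that the embedded semantics is part of the trusted base: the lemma says nothing about the real program unless the embedding faithfully reflects the source language's evaluation order and the program really is pure.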
