An integrated proof language for imperative programs

We present an integrated proof language for guiding the actions of multiple reasoning systems as they work together to prove complex correctness properties of imperative programs. The language operates in the context of a program verification system that uses multiple reasoning systems to discharge generated proof obligations. It is designed to 1) enable developers to resolve key choice points in complex program correctness proofs, thereby enabling automated reasoning systems to successfully prove the desired correctness properties; 2) allow developers to identify key lemmas for the reasoning systems to prove, thereby guiding the reasoning systems to find an effective proof decomposition; 3) enable multiple reasoning systems to work together productively to prove a single correctness property by providing a mechanism that developers can use to divide the property into lemmas, each of which is suitable for a different reasoning system; and 4) enable developers to identify specific lemmas that the reasoning systems should use when attempting to prove other lemmas or correctness properties, thereby appropriately confining the search space so that the reasoning systems can find a proof in an acceptable amount of time. The language includes a rich set of declarative proof constructs that enables developers to direct the reasoning systems as little or as much as they desire. Because the declarative proof statements are embedded into the program as specialized comments, they also serve as verified documentation and are a natural extension of the assertion mechanism found in most program verification systems. We have implemented our integrated proof language in the context of a program verification system for Java and used the resulting system to verify a collection of linked data structure implementations. Our experience indicates that our proof language makes it possible to successfully prove complex program correctness properties that are otherwise beyond the reach of automated reasoning systems.
