Auto-Active Proof of Red-Black Trees in SPARK

Formal program verification can guarantee that a program is free from broad classes of errors (such as reads of uninitialized data and run-time errors) and that it complies with its specification. Tools such as SPARK make the former cost effective in an industrial context, but the latter remains much rarer in industry, owing to the cost of specifying the behavior of programs and, even more, the cost of proving those specifications. In SPARK we have chosen to rely on auto-active verification to make formal verification of functional properties cost effective. In this approach the programmer writes annotations in the source code (contracts, loop invariants, ghost code, intermediate assertions and lemma procedures) that automatic provers then use to complete the proof, so no interactive proof assistant is involved. To demonstrate the potential of this approach, we have formally specified a library of red-black trees in SPARK and proved its functional correctness using auto-active verification. To the best of our knowledge, this is the most complex use of auto-active verification so far.
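The following SPARK package is an added example, not code from the paper or from the SPARK red-black tree library it describes; it shows the annotation style the abstract refers to on the simplest tree operation, a lookup. It assumes an array-encoded tree (index 0 is the empty subtree) whose depth is bounded by the array size, which is what lets the recursive ghost functions carry a `Subprogram_Variant` (supported by GNATprove since GNAT 21). The names `Ordered`, `Contains`, `Lemma_Not_Contains` and `Search` are this example's own. The search-tree ordering is stated as a ghost function, a ghost lemma procedure is proved by induction through its own recursive call, and the loop invariants plus that lemma are what let the provers discharge the postcondition; the red/black color field is kept only to show where the balance invariants would be added as further ghost functions in the same style.

```ada
-- Added example (not the paper's code): auto-active proof of lookup in an
-- array-encoded binary search tree. Assumes keys avoid Integer'First/'Last,
-- which serve as open sentinel bounds.
pragma SPARK_Mode (On);

package Search_Tree_Lookup is

   Max : constant := 100;

   -- Node 0 encodes the empty subtree; real nodes live in 1 .. Max.
   subtype Node_Id   is Natural range 0 .. Max;
   subtype Real_Node is Node_Id range 1 .. Max;

   type Color is (Red, Black);

   type Node is record
      Key   : Integer;
      Left  : Node_Id;
      Right : Node_Id;
      Col   : Color;  -- unused here; red-black balance would be specified on it
   end record;

   type Tree is array (Real_Node) of Node;

   Lo_Bound : constant := Integer'First;
   Hi_Bound : constant := Integer'Last;

   -- Ghost specification: every key reachable from N within Depth steps lies
   -- strictly between Lo and Hi. Depth bounds the unfolding, so termination
   -- follows even though an array offers no structural decrease.
   function Ordered
     (T : Tree; N : Node_Id; Depth : Natural; Lo, Hi : Integer) return Boolean
   is
     (N = 0
      or else (Depth > 0
               and then T (N).Key > Lo
               and then T (N).Key < Hi
               and then Ordered (T, T (N).Left,  Depth - 1, Lo, T (N).Key)
               and then Ordered (T, T (N).Right, Depth - 1, T (N).Key, Hi)))
   with Ghost, Subprogram_Variant => (Decreases => Depth);

   -- Ghost specification: K occurs in the subtree at N, unfolded Depth levels.
   function Contains
     (T : Tree; N : Node_Id; Depth : Natural; K : Integer) return Boolean
   is
     (N /= 0 and then Depth > 0
      and then (T (N).Key = K
                or else Contains (T, T (N).Left,  Depth - 1, K)
                or else Contains (T, T (N).Right, Depth - 1, K)))
   with Ghost, Subprogram_Variant => (Decreases => Depth);

   -- Ghost lemma: a key outside (Lo, Hi) is absent from an ordered subtree.
   -- Its body is the induction step; the provers only see the contract.
   procedure Lemma_Not_Contains
     (T : Tree; N : Node_Id; Depth : Natural; Lo, Hi, K : Integer)
   with
     Ghost,
     Subprogram_Variant => (Decreases => Depth),
     Pre  => Ordered (T, N, Depth, Lo, Hi) and then (K <= Lo or else K >= Hi),
     Post => not Contains (T, N, Depth, K);

   function Search (T : Tree; Root : Node_Id; K : Integer) return Node_Id
   with
     Pre  => Ordered (T, Root, Max, Lo_Bound, Hi_Bound),
     Post => (if Search'Result = 0
              then not Contains (T, Root, Max, K)
              else T (Search'Result).Key = K);

end Search_Tree_Lookup;

package body Search_Tree_Lookup is

   procedure Lemma_Not_Contains
     (T : Tree; N : Node_Id; Depth : Natural; Lo, Hi, K : Integer) is
   begin
      if N = 0 then
         return;
      end if;
      -- Depth > 0 here by the precondition; recurse on both children.
      Lemma_Not_Contains (T, T (N).Left,  Depth - 1, Lo, T (N).Key, K);
      Lemma_Not_Contains (T, T (N).Right, Depth - 1, T (N).Key, Hi, K);
   end Lemma_Not_Contains;

   function Search (T : Tree; Root : Node_Id; K : Integer) return Node_Id is
      Cur   : Node_Id := Root;
      -- Ghost state tracking the bounds and depth budget of the current subtree.
      Lo    : Integer := Lo_Bound with Ghost;
      Hi    : Integer := Hi_Bound with Ghost;
      Steps : Natural := 0 with Ghost;
   begin
      while Cur /= 0 loop
         pragma Loop_Invariant (Steps <= Max);
         pragma Loop_Invariant (Ordered (T, Cur, Max - Steps, Lo, Hi));
         pragma Loop_Invariant
           (Contains (T, Root, Max, K) = Contains (T, Cur, Max - Steps, K));
         pragma Loop_Variant (Increases => Steps);

         if T (Cur).Key = K then
            return Cur;
         elsif K < T (Cur).Key then
            -- Every key on the right exceeds T (Cur).Key > K, so K is not there.
            Lemma_Not_Contains (T, T (Cur).Right, Max - Steps - 1, T (Cur).Key, Hi, K);
            Hi  := T (Cur).Key;
            Cur := T (Cur).Left;
         else
            Lemma_Not_Contains (T, T (Cur).Left, Max - Steps - 1, Lo, T (Cur).Key, K);
            Lo  := T (Cur).Key;
            Cur := T (Cur).Right;
         end if;
         Steps := Steps + 1;
      end loop;
      return 0;
   end Search;

end Search_Tree_Lookup;
```

Split the block into `search_tree_lookup.ads` and `search_tree_lookup.adb` (gnatchop does this) and run `gnatprove` on a project that lists them. The loop invariant relating `Contains` on the root to `Contains` on the current node is the one fact the prover cannot guess: it holds only because the lemma call rules out the subtree being abandoned at each step, which is exactly the division of labor auto-active verification relies on.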
