Verified Resource Guarantees for Heap Manipulating Programs

Program properties inferred automatically by static analysis tools are generally not considered fully trustworthy unless either the tool implementation or its results are formally verified. Here we focus on the formal verification of resource guarantees inferred by automatic cost analysis. A resource guarantee ensures that a program runs within the stated amount of a resource, such as memory consumption or the number of instructions executed. In previous work we studied the formal verification of inferred resource guarantees that depend only on integer data. In realistic programs, however, resource consumption is often bounded by the size of heap-allocated data structures, and bounding their size requires a number of structural heap analyses. The contributions of this paper are (i) to identify exactly what needs to be verified to guarantee a sound analysis of heap-manipulating programs, (ii) to provide a suitable extension of the program logic used for verification so that it handles structural heap properties in the context of resource guarantees, and (iii) to improve the underlying theorem prover so that the resulting proof obligations can be discharged automatically.
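The abstract's central point is that a cost bound on a heap-traversing program is only as sound as the structural heap properties it rests on. The following illustration is added here and is not code from the paper or from the COSTA/KeY tools it describes; all names (`Node`, `path_length`, `sum_list`, `check_guarantee`) are hypothetical. It expresses the inferred bound for a list traversal in terms of a structural measure (the number of nodes reachable through `next`, the path length) and shows why acyclicity is a precondition of that bound: on a cyclic list no finite path length exists, so a guarantee stated in terms of it cannot be verified, and the instrumented program exceeds any claimed bound.

```python
# Added illustration (not from the paper): a resource bound on a heap-traversing
# program depends on structural heap properties such as acyclicity and path length.
from dataclasses import dataclass
from typing import Optional


class ResourceExceeded(Exception):
    """Raised when the instrumented program uses more steps than the claimed bound."""


@dataclass
class Node:
    value: int
    next: Optional["Node"] = None


def from_list(values):
    """Build a singly linked list from a Python list (constructed sample input)."""
    head = None
    for v in reversed(values):
        head = Node(v, head)
    return head


def path_length(head):
    """Structural heap measure: number of nodes reachable via `next`.

    Returns None when a cycle is detected. Without acyclicity there is no finite
    path length, so a bound expressed in terms of it has no meaning.
    """
    seen = set()
    count = 0
    cur = head
    while cur is not None:
        if id(cur) in seen:
            return None
        seen.add(id(cur))
        count += 1
        cur = cur.next
    return count


def sum_list(head, fuel):
    """The analysed program: sums the list values.

    `fuel` is an instrumentation counter standing in for the resource (loop
    iterations). Exceeding it raises instead of looping forever, which is how a
    violated guarantee would surface at run time.
    """
    steps = 0
    total = 0
    cur = head
    while cur is not None:
        steps += 1
        if steps > fuel:
            raise ResourceExceeded(f"more than {fuel} iterations")
        total += cur.value
        cur = cur.next
    return total, steps


def exceeds_bound(head, fuel):
    """True if sum_list needs more than `fuel` iterations on this heap."""
    try:
        sum_list(head, fuel)
    except ResourceExceeded:
        return True
    return False


def check_guarantee(head):
    """Cost-analysis claim: iterations of sum_list <= path_length(head).

    The claim is only checkable under the heap precondition 'head is acyclic';
    here that precondition is tested dynamically, whereas in the verification
    setting it is a proof obligation discharged on the program logic.
    """
    bound = path_length(head)
    if bound is None:
        return {"acyclic": False, "bound": None, "steps": None, "verified": False}
    _, steps = sum_list(head, fuel=bound)
    return {"acyclic": True, "bound": bound, "steps": steps, "verified": steps <= bound}


if __name__ == "__main__":
    acyclic = from_list([4, 8, 15])
    print(check_guarantee(acyclic))          # bound 3, steps 3, verified True
    cyclic = from_list([1, 2, 3])
    cyclic.next.next.next = cyclic           # violate the structural precondition
    print(check_guarantee(cyclic))           # acyclic False, verified False
    print(exceeds_bound(cyclic, fuel=10))    # True: no finite bound holds
```

The split between `path_length` (a structural property of the heap) and `sum_list` (the program whose cost is bounded) mirrors the abstract's observation: the cost analysis produces a bound in terms of a heap measure, and a separate structural analysis (here, acyclicity) is what licenses treating that measure as finite.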
