Building a push-button RESOLVE verifier: Progress and challenges

A central objective of the verifying compiler grand challenge is to develop a push-button verifier that generates proofs of correctness in a syntax-driven fashion similar to the way an ordinary compiler generates machine code. The software developer’s role is then to provide suitable specifications and annotated code, but otherwise to have no direct involvement in the verification step. However, the general mathematical developments and results upon which software correctness is based may be established through a separate formal proof process in which proofs might be mechanically checked, but not necessarily automatically generated. While many ideas that could conceivably form the basis for software verification have been known “in principle” for decades, and several tools to support an aspect of verification have been devised, practical fully automated verification of full software behavior remains a grand challenge. This paper explains how RESOLVE takes a step towards addressing this challenge by integrating foundational and practical elements of software engineering, programming languages, and mathematical logic into a coherent framework. Current versions of the RESOLVE verifier generate verification conditions (VCs) for the correctness of component-based software in a modular fashion—one component at a time. The VCs are currently verified using automated capabilities of the Isabelle proof assistant, the SMT solver Z3, a minimalist rewrite prover, and some specialized decision procedures. Initial experiments with the tools and further analytic considerations show both the progress that has been made and the challenges that remain.

[1]  Wayne D. Heym Computer program verification: improvements for human reasoning , 1996 .

[2]  Benjamin W. Wah,et al.  Wiley Encyclopedia of Computer Science and Engineering , 2009, Wiley Encyclopedia of Computer Science and Engineering.

[3]  C. A. R. Hoare The Verifying Compiler, a Grand Challenge for Computing Research , 2005, VMCAI.

[4]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[5]  C. A. R. Hoare,et al.  Proof of Correctness of Data Representations (Reprint) , 2002, Software Pioneers.

[6]  Bruce W. Weide,et al.  Specification and Verification with References , 2001 .

[7]  Silvio Ghilardi,et al.  Decision procedures for extensions of the theory of arrays , 2007, Annals of Mathematics and Artificial Intelligence.

[8]  Murali Sitaraman,et al.  Integrating Math Units and Proof Checking for Specification and Verification , .

[9]  John Harrison,et al.  Formal Proof—Theory and Practice , 2008 .

[10]  Perry R. James,et al.  Total Correctness of Recursive Functions using JML 4 FSPV , 2008 .

[11]  David R. Cok Adapting JML to generic types and Java 1.6 , 2008 .

[12]  Gregory Kulczycki,et al.  Direct reasoning , 2004 .

[13]  Michael D. Ernst,et al.  An overview of JML tools and applications , 2003, Electron. Notes Theor. Comput. Sci..

[14]  K. Rustan M. Leino,et al.  Extended static checking , 1998, PROCOMET.

[15]  J. Schwartz,et al.  Decision procedures for elementary sublanguages of set theory. I. Multi‐level syllogistic and some extensions , 1980 .

[16]  Bertrand Meyer,et al.  Applying 'design by contract' , 1992, Computer.

[17]  Bruce W. Weide,et al.  Experience report: using RESOLVE/C++ for commercial software , 2000, SIGSOFT '00/FSE-8.

[18]  Daniel Jackson,et al.  Software Abstractions - Logic, Language, and Analysis , 2006 .

[19]  Murali Sitaraman,et al.  Incremental Benchmarks for Software Verification Tools and Techniques , 2008, VSTTE.

[20]  Richard J. Lipton,et al.  Social processes and proofs of theorems and programs , 1977, POPL.

[21]  Murali Sitaraman,et al.  On the Practical Need for Abstraction Relations to Verify Abstract Data Type Representations , 1997, IEEE Trans. Software Eng..

[22]  Albert L. Baker,et al.  Preliminary design of JML: a behavioral interface specification language for java , 2006, SOEN.

[23]  Bernhard K. Aichernig,et al.  A Proof Obligation Generator for VDM-SL , 1997, FME.

[24]  Heather K. Harton,et al.  A Case Study in Automated Verification , 2008 .

[25]  Viktor Kuncak,et al.  Full functional verification of linked data structures , 2008, PLDI '08.

[26]  K. Rustan M. Leino,et al.  Flexible Immutability with Frozen Objects , 2008, VSTTE.

[27]  Stephen H. Edwards,et al.  Design and Specification of Iterators Using the Swapping Paradigm , 1994, IEEE Trans. Software Eng..

[28]  T LeavensGary,et al.  The verified software initiative , 2009 .

[29]  Vincenzo Cutello,et al.  Decision procedures for elementary sublanguages of set theory , 2004, Journal of Automated Reasoning.

[30]  C. A. R. Hoare,et al.  An axiomatic basis for computer programming , 1969, CACM.

[31]  James H. Fetzer Program verification: the very idea , 1988, CACM.

[32]  Andrei Voronkov,et al.  The design and implementation of VAMPIRE , 2002, AI Commun..

[33]  John Barnes,et al.  High Integrity Ada: The Spark Approach , 1997 .

[34]  K. Rustan M. Leino,et al.  Using the Spec# Language, Methodology, and Tools to Write Bug-Free Programs , 2008, LASER Summer School.

[35]  Viktor Kuncak,et al.  An integrated proof language for imperative programs , 2009, PLDI '09.

[36]  C. A. R. Hoare,et al.  The verified software initiative: A manifesto , 2009, CSUR.

[37]  Richard J. Lipton,et al.  Social processes and proofs of theorems and programs , 1979, CACM.

[38]  Hartmut Ehrig,et al.  Formal specification , 2001 .

[39]  Peter H. Schmitt,et al.  Formal Specification , 2007, The KeY Approach.

[40]  Arnd Poetzsch-Heffter,et al.  Modular specification and verification techniques for object-oriented software components , 2000 .

[41]  T LeavensGary,et al.  Preliminary design of JML , 2006 .

[42]  Stephan Schulz System Abstract: E 0.61 , 2001, IJCAR.

[43]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[44]  Murali Sitaraman,et al.  Formal Program Verification , 2008, Wiley Encyclopedia of Computer Science and Engineering.

[45]  Gregory Kulczycki,et al.  Reasoning about Software-Component Behavior , 2000, ICSR.

[46]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[47]  James C. King,et al.  A Program Verifier , 1971, IFIP Congress.

[48]  Murali Sitaraman,et al.  Generating Verified Java Components through RESOLVE , 2009, ICSR.

[49]  Jeannette M. Wing A specifier's introduction to formal methods , 1990, Computer.

[50]  William F. Ogden,et al.  Modular Verification of Data Abstractions with Shared Realizations , 1994, IEEE Trans. Software Eng..

[51]  Zohar Manna,et al.  The calculus of computation - decision procedures with applications to verification , 2007 .

[52]  Gregory Kulczycki,et al.  A specification-based approach to reasoning about pointers , 2006 .

[53]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[54]  Murali Sitaraman,et al.  Foundations of component-based systems , 2000 .

[55]  Christine Paulin-Mohring,et al.  The coq proof assistant reference manual , 2000 .

[56]  Joan Krone,et al.  The role of verification in software reusability , 1988 .

[57]  Mark A. Hillebrand,et al.  The Verisoft Approach to Systems Verification , 2008, VSTTE.

[58]  Claude Marché,et al.  The Why/Krakatoa/Caduceus Platform for Deductive Program Verification , 2007, CAV.

[59]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[60]  Cliff B. Jones,et al.  The Early Search for Tractable Ways of Reasoning about Programs , 2003, IEEE Ann. Hist. Comput..

[61]  Simon L. Peyton Jones,et al.  Roadmap for enhanced languages and methods to aid verification , 2006, GPCE '06.

[62]  C. A. R. Hoare,et al.  Proof of correctness of data representations , 1972, Acta Informatica.

[63]  Wolfgang J. Paul,et al.  Towards the Formal Verification of a C0 Compiler: Code Generation and Implementation Correctnes , 2005, SEFM.

[64]  David Detlefs,et al.  Simplify: a theorem prover for program checking , 2005, JACM.

[65]  Peter Müller,et al.  Reasoning About Method Calls in Interface Specifications , 2006, J. Object Technol..

[66]  Natarajan Shankar,et al.  PVS: Combining Specification, Proof Checking, and Model Checking , 1996, FMCAD.

[67]  Hugo Herbelin,et al.  The Coq proof assistant : reference manual, version 6.1 , 1997 .

[68]  Gregory Kulczycki,et al.  A specification-based approach to reasoning about pointers , 2006, SAVCBS '05.

[69]  Gary T. Leavens,et al.  Specification and verification challenges for sequential object-oriented programs , 2007, Formal Aspects of Computing.

[70]  Bruce W. Weide,et al.  Copying and Swapping: Influences on the Design of Reusable Software Components , 1991, IEEE Trans. Software Eng..

[71]  Murali Sitaraman,et al.  Verifying Component-Based Software: Deep Mathematics or Simple Bookkeeping? , 2009, ICSR.

[72]  Bruce Weide,et al.  Component-based software using RESOLVE , 1994, SOEN.