Continuous Reasoning: Scaling the impact of formal methods

This paper describes work on continuous reasoning, in which formal reasoning about a (changing) codebase is done in a way that mirrors the iterative, continuous model of software development increasingly practised in industry. We suggest that advances in continuous reasoning will allow formal reasoning to scale to more programs and more programmers. The paper describes the rationale for continuous reasoning, outlines some success cases from within industry, and proposes directions for work by the scientific community.
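The following Python sketch is an added illustration of one concrete form continuous reasoning can take; it is not code from the paper or from any tool it describes. It analyses a program through per-procedure summaries only (a callee's body is never re-read by its callers), so that applying a code change triggers reanalysis of the changed procedures and of callers whose results can actually change, and reports findings for the diff rather than for the whole codebase. The toy statement language, the null-dereference check, the `Summary` type and the sample program are all constructed for this example.

```python
from dataclasses import dataclass

# Constructed toy language (not the paper's). A function body is a list of:
#   ("set", x, "null")       x := null
#   ("set", x, "new")        x := freshly allocated object (non-null)
#   ("set", x, "call", g)    x := g(); null-ness comes from g's summary only
#   ("check", x)             abort if x is null; afterwards x is non-null
#   ("deref", x)             *x, reported if x may be null
#   ("ret", x)               return x

NULL, NONNULL, MAYBE = "null", "nonnull", "maybe"


@dataclass(frozen=True)
class Summary:
    """Procedure summary: the only thing a caller ever sees of a callee."""
    may_return_null: bool


def callees(body):
    return {s[3] for s in body if s[0] == "set" and s[2] == "call"}


def analyze_function(name, body, summaries):
    """Analyse one body against callee summaries, never callee bodies.
    Returns (summary, findings). Names never assigned are treated as
    non-null; they stand for parameters, whose null-ness is the caller's
    concern in this toy (a real tool would synthesise a precondition)."""
    env, findings, may_return_null = {}, [], False
    for stmt in body:
        op, x = stmt[0], stmt[1]
        if op == "set":
            kind = stmt[2]
            if kind == "null":
                env[x] = NULL
            elif kind == "new":
                env[x] = NONNULL
            else:
                callee = summaries.get(stmt[3])
                # Unknown callee: assume non-null (angelic) rather than flood
                # developers with reports about code nobody has analysed yet.
                env[x] = MAYBE if callee and callee.may_return_null else NONNULL
        elif op == "check":
            env[x] = NONNULL
        elif op == "deref":
            if env.get(x, NONNULL) != NONNULL:
                findings.append((name, "NULL_DEREFERENCE", x))
        elif op == "ret":
            if env.get(x, NONNULL) != NONNULL:
                may_return_null = True
    return Summary(may_return_null), findings


class IncrementalAnalyzer:
    """Keeps summaries across diffs and reanalyses only what a diff can affect."""

    def __init__(self):
        self.program, self.summaries, self.findings = {}, {}, {}

    def callers_of(self, g):
        return [f for f, body in self.program.items() if g in callees(body)]

    def update(self, diff, max_steps=10_000):
        """Apply a diff (name -> new body, or None for a deleted function).
        Returns (functions reanalysed, findings in those functions)."""
        worklist = []
        for name, body in diff.items():
            if body is None:
                for table in (self.program, self.summaries, self.findings):
                    table.pop(name, None)
                worklist += [f for f in self.callers_of(name) if f not in worklist]
            else:
                self.program[name] = body
                if name not in worklist:
                    worklist.append(name)
        reanalysed = []
        while worklist:
            max_steps -= 1
            if max_steps < 0:
                raise RuntimeError("summary fixpoint did not converge")
            f = worklist.pop(0)
            if f not in self.program:
                continue
            summary, found = analyze_function(f, self.program[f], self.summaries)
            self.findings[f] = found
            reanalysed.append(f)
            if self.summaries.get(f) != summary:
                self.summaries[f] = summary
                # Only a changed summary can change a caller's result.
                worklist += [c for c in self.callers_of(f) if c not in worklist]
        diff_findings = [x for f in dict.fromkeys(reanalysed) for x in self.findings[f]]
        return reanalysed, diff_findings


if __name__ == "__main__":
    base = {  # constructed sample program
        "make":  [("set", "p", "new"), ("ret", "p")],
        "use":   [("set", "q", "call", "make"), ("deref", "q")],
        "other": [("set", "r", "new"), ("deref", "r")],
        "main":  [("set", "a", "call", "use"), ("set", "b", "call", "other")],
    }
    analyzer = IncrementalAnalyzer()
    print(analyzer.update(base))  # first run analyses everything, no findings
    # Diff 1: make() now returns null; only make and its caller use are revisited.
    print(analyzer.update({"make": [("set", "p", "null"), ("ret", "p")]}))
    # Diff 2: use() guards the pointer; its summary is unchanged, so main is untouched.
    print(analyzer.update({"use": [("set", "q", "call", "make"), ("check", "q"), ("deref", "q")]}))
```

The summary step is what makes the analysis compositional, and the "reanalyse callers only when a summary changed" rule is what makes it continuous: the cost of a diff is proportional to the change and its blast radius, not to the size of the repository, and the report a developer sees at review time names only the functions the diff touched. The angelic treatment of unknown callees trades soundness for signal, a trade-off an industrial deployment has to make consciously.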
