Using ACL2 in the Design of Efficient, Verifiable Data Structures for High-Assurance Systems

Verification of algorithms and data structures utilized in modern autonomous and semi-autonomous vehicles for land, sea, air, and space presents a significant challenge. Autonomy algorithms, e.g., route planning, pattern matching, and inference, are based on complex data structures such as directed graphs and algebraic data types. Proof techniques for these data structures exist, but are oriented to unbounded, functional realizations, which are not typically efficient in either space or time. Autonomous systems designers, on the other hand, generally limit the space and time allocations for any given function, and require that algorithms deliver results within a finite time, or suffer a watchdog timeout. Furthermore, high-assurance design rules frown on dynamic memory allocation, preferring simple array-based data structure implementations. In order to provide efficient implementations of high-level data structures used in autonomous systems with the high assurance needed for accreditation, we have developed a verifying compilation technique that supports the "natural" functional proof style, but yet applies to more efficient data structure implementations. Our toolchain features code generation to mainstream programming languages, as well as GPU-based and hardware-based realizations. We base the Intermediate Verification Language for our toolchain upon higher-order logic; however, we have used ACL2 to develop our efficient yet verifiable data structure design. ACL2 is particularly well-suited for this work, with its sophisticated libraries for reasoning about aggregate data structures of arbitrary size, efficient execution of formal specifications, as well as its support for "single-threaded objects" -- functional datatypes with imperative "under the hood" implementations. In this paper, we detail our high-assurance data structure design approach, including examples in ACL2 of common algebraic data types implemented using this design approach, proofs of correctness for those data types carried out in ACL2, as well as sample ACL2 implementations of relevant algorithms utilizing these efficient, high-assurance data structures.

[1]  Adam Chlipala,et al.  The bedrock structured programming system: combining generative metaprogramming and hoare logic in an extensible program verifier , 2013, ICFP.

[2]  David M. Russinoff,et al.  Modeling Algorithms in SystemC and ACL2 , 2014, ACL2.

[3]  Norbert Schirmer,et al.  Verification of sequential imperative programs in Isabelle-HOL , 2006 .

[4]  K. Rustan M. Leino,et al.  A Polymorphic Intermediate Verification Language: Design and Logical Encoding , 2010, TACAS.

[5]  Andrew P. Tolmach,et al.  From ML to Ada: Strongly-typed language interoperability via source translation , 1998, Journal of Functional Programming.

[6]  Konrad Slind,et al.  A High-Assurance, High-Performance Hardware-Based Cross-Domain System , 2016, SAFECOMP.

[7]  K. Rustan M. Leino Developing verified programs with dafny , 2013, ICSE 2013.

[8]  Robert S. Boyer,et al.  Single-Threaded Objects in ACL2 , 2002, PADL.

[9]  Magnus O. Myreen,et al.  Proof-producing translation of higher-order logic into pure and stateful ML , 2014, Journal of Functional Programming.

[10]  Magnus O. Myreen Formal verification of machine-code programs , 2011 .

[11]  David S. Hardin,et al.  Efficient, formally verifiable data structures using ACL2 single-threaded objects for high-assurance systems , 2009, ACL2 '09.

[12]  Jean-Christophe Filliâtre,et al.  Why3 - Where Programs Meet Provers , 2013, ESOP.

[13]  David S. Hardin Design and Verification of Microprocessor Systems for High-Assurance Applications , 2010 .

[14]  Andrew W. Appel,et al.  Program Logics for Certified Compilers , 2014 .

[15]  Panagiotis Manolios,et al.  Computer-Aided Reasoning: An Approach , 2011 .

[16]  Xavier Leroy,et al.  Formal verification of a realistic compiler , 2009, CACM.

[17]  Hung Tuan Pham Verification of Recursive Data Types using abstractions , 2014 .

[18]  Patrice Chalin,et al.  Bakar Kiasan: Flexible Contract Checking for Critical Systems Using Symbolic Execution , 2011, NASA Formal Methods.

[19]  David S. Hardin,et al.  ACL2 Meets the GPU: Formalizing a CUDA-based Parallelizable All-Pairs Shortest Path Algorithm in ACL2 , 2013, ACL2.

[20]  Michael W. Whalen,et al.  Development of Security Software: A High Assurance Methodology , 2009, ICFEM.

[21]  P. J. Narayanan,et al.  Accelerating Large Graph Algorithms on the GPU Using CUDA , 2007, HiPC.

[22]  Michael Norrish,et al.  Types, bytes, and separation logic , 2007, POPL '07.

[23]  Gerwin Klein,et al.  Don't sweat the small stuff: formal verification of C code without the pain , 2014, PLDI.

[24]  Ramana Kumar,et al.  CakeML: a verified implementation of ML , 2014, POPL.