Using SMT solvers to verify high-integrity programs

In this paper we report on our experiments in using the currently popular SMT (SAT Modulo Theories) solvers Yices [10] and CVC3 [1] and the Simplify theorem prover [9] to discharge verification conditions (VCs) from programs written in the SPARK language [5]. SPARK is a subset of Ada used primarily in high-integrity systems in the aerospace, defence, rail and security industries. Formal verification of SPARK programs is supported by tools produced by the UK company Praxis High Integrity Systems. These tools include a VC generator and an automatic prover for VCs. We find that Praxis's prover can prove more VCs than Yices, CVC3 or Simplify because it can handle some relatively simple non-linear problems, though, by adding some axioms about division and modulo operators to Yices, CVC3 and Simplify, we can narrow the gap. One advantage of Yices, CVC3 and Simplify is their ability to produce counterexample witnesses to VCs that are not valid. This work is the first step in a project to increase the fraction of VCs from current SPARK programs that can be proved automatically and to broaden the range of properties that can be automatically checked. For example, we are interested in improving support for non-linear arithmetic and automatic loop invariant generation.
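
As an added illustration, not taken from the paper, of the kind of modulo VC the abstract describes and of the counterexample witnesses it mentions, the following SMT-LIB 2 script encodes a range-check VC for an Ada `mod` in the form accepted by current SMT-LIB 2 solvers such as Z3; the SMT-LIB 2 syntax, the `ada_mod` definition and the two precondition variants are assumptions of this example, not the paper's own encoding or the solvers' 2006 input formats.

```smt2
; Added example (not from the paper): a SPARK-style verification condition
; for the assignment  R := X mod N  encoded in SMT-LIB 2 syntax.
(set-logic ALL)

; Ada's `mod` takes the sign of the right operand (Ada RM 4.5.5), whereas
; SMT-LIB's `mod` is Euclidean (never negative).  Mapping one onto the other
; directly would "prove" VCs that are false for the Ada program, so the Ada
; operator is defined here in terms of the SMT-LIB one (assumed encoding).
(define-fun ada_mod ((a Int) (b Int)) Int
  (ite (> b 0) (mod a b) (- (mod (- a) (- b)))))

(declare-const x Int)
(declare-const n Int)

; VC 1: under the precondition N > 0, the postcondition 0 <= R < N holds.
; The negation of the VC is asserted: `unsat` means the VC is valid.
(push 1)
(assert (> n 0))
(assert (not (and (<= 0 (ada_mod x n)) (< (ada_mod x n) n))))
(check-sat)
(pop 1)

; VC 2: the same postcondition under the weaker precondition N /= 0.
; `sat` means the VC is not valid; get-model then returns a witness, a
; negative N for which R takes the sign of N and the range check fails.
(push 1)
(assert (not (= n 0)))
(assert (not (and (<= 0 (ada_mod x n)) (< (ada_mod x n) n))))
(check-sat)
(get-model)
(pop 1)
```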

[1] Lawrence Charles Paulson et al., "Isabelle/HOL: A Proof Assistant for Higher-Order Logic", 2002.

[2] John G. P. Barnes et al., "High Integrity Software: The SPARK Approach to Safety and Security", 2003.

[3] David Detlefs et al., "Simplify: a theorem prover for program checking", JACM, 2005.

[4] Warren A. Hunt et al., "Linear and Nonlinear Arithmetic in ACL2", CHARME, 2003.

[5] Sriram K. Rajamani et al., "SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft", IFM, 2004.

[6] Carl-Johan H. Seger et al., "An industrially effective environment for formal hardware verification", IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2005.

[7] Laura Kovács et al., "An algorithm for automated generation of invariants for loops with conditionals", Seventh International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC'05), 2005.

[8] Hassen Saïdi et al., "Construction of Abstract State Graphs with PVS", CAV, 1997.

[9] K. Rustan M. Leino et al., "The Spec# Programming System: An Overview", CASSIS, 2004.

[10] Andrew Ireland et al., "An Integrated Approach to High Integrity Software Verification", Journal of Automated Reasoning, 2006.

[11] Greg Nelson et al., "Simplification by Cooperating Decision Procedures", TOPLAS, 1979.

[12] Yassine Lakhnech et al., "Automatic Generation of Invariants", Formal Methods in System Design, 1999.

[13] Anna Philippou et al., "Tools and Algorithms for the Construction and Analysis of Systems", Lecture Notes in Computer Science, 2018.

[14] John M. Rushby et al., "Harnessing Disruptive Innovation in Formal Verification", Fourth IEEE International Conference on Software Engineering and Formal Methods (SEFM'06), 2006.

[15] Kenneth L. McMillan et al., "Lazy Abstraction with Interpolants", CAV, 2006.

[16] Ben Wegbreit et al., "The synthesis of loop predicates", CACM, 1974.

[17] Thomas F. Melham et al., "PROSPER: An Investigation into Software Architecture for Embedded Proof Engines", FroCoS, 2002.

[18] K. Rustan M. Leino et al., "Houdini, an Annotation Assistant for ESC/Java", FME, 2001.

[19] Thomas A. Henzinger et al., "Software Verification with BLAST", SPIN, 2003.

[20] Cormac Flanagan et al., "Predicate abstraction for software verification", POPL '02, 2002.

[21] Pablo A. Parrilo et al., "Semidefinite programming relaxations for semialgebraic problems", Mathematical Programming, 2003.

[22] L. de Moura et al., "The YICES SMT Solver", 2006.

[23] K. Rustan M. Leino et al., "Loop Invariants on Demand", APLAS, 2005.

[24] Johann Schumann et al., "An Empirical Evaluation of Automated Theorem Provers in Software Certification", International Journal on Artificial Intelligence Tools, 2013.

[25] Ashish Tiwari et al., "A Technique for Invariant Generation", TACAS, 2001.

[26] Sharad Malik et al., "The Quest for Efficient Boolean Satisfiability Solvers", CAV, 2002.

[27] Henny B. Sipma et al., "Non-linear loop invariant generation using Gröbner bases", POPL, 2004.

[28] Harald Ganzinger et al., "New directions in instantiation-based theorem proving", 18th Annual IEEE Symposium on Logic in Computer Science (LICS 2003), Proceedings, 2003.

[29] Ashish Tiwari et al., "An Algebraic Approach for the Unsatisfiability of Nonlinear Constraints", CSL, 2005.