Practical Tactics for Verifying C Programs in Coq

Proof automation is essential for large-scale proof developments such as OS kernel verification. An effective approach is to develop tactics and SMT solvers that automatically prove verification conditions. For complex systems, however, fully automated verification is almost impossible to achieve, and human interaction is unavoidable. The key challenge is therefore, on the one hand, to reduce manual proofs as much as possible, and on the other hand, to provide user-friendly error messages when automated verification fails, so that users can adjust the specifications or the code accordingly, or carry out part of the proofs manually. In this paper we propose a set of practical tactics for verifying C programs in Coq, including both tactics for automatically proving separation logic assertions and tactics for automatic verification condition generation. In particular, we develop special tactics for verifying programs that manipulate singly-linked lists. Using our tactics we are able to verify several C programs with a one-line proof script. Another key feature of our tactics is that, if they fail, they allow users to easily locate the problems causing the failure by inspecting the remaining subgoals, which greatly improves usability when human interaction is necessary.
