Low-level liquid types

We present Low-Level Liquid Types , a refinement type system for C based on Liquid Types . Low-Level Liquid Types combine refinement types with three key elements to automate verification of critical safety properties of low-level programs: First, by associating refinement types with individual heap locations and precisely tracking the locations referenced by pointers, our system is able to reason about complex invariants of in-memory data structures and sophisticated uses of pointer arithmetic. Second, by adding constructs which allow strong updates to the types of heap locations, even in the presence of aliasing, our system is able to verify properties of in-memory data structures in spite of temporary invariant violations. By using this strong update mechanism, our system is able to verify the correct initialization of newly-allocated regions of memory. Third, by using the abstract interpretation framework of Liquid Types, we are able to use refinement type inference to automatically verify important safety properties without imposing an onerous annotation burden. We have implemented our approach in CSOLVE, a tool for Low-Level Liquid Type inference for C programs. We demonstrate through several examples that CSOLVE is able to precisely infer complex invariants required to verify important safety properties, like the absence of array bounds violations and null-dereferences, with a minimal annotation overhead.

[1]  Andrew D. Gordon,et al.  Refinement Types for Secure Implementations , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[2]  Ranjit Jhala,et al.  Type-based data structure verification , 2009, PLDI '09.

[3]  Matthew Fluet,et al.  A Linear Language with Locations , 2007 .

[4]  Patrick Maxim Rondon,et al.  Liquid types , 2008, PLDI '08.

[5]  Alan J. Hu,et al.  An Inference-Rule-Based Decision Procedure for Verification of Heap-Manipulating Programs with Mutable Data and Cyclic Data Structures , 2007, VMCAI.

[6]  Cormac Flanagan,et al.  Hybrid type checking , 2006, POPL '06.

[7]  Aleksandar Nanevski,et al.  Ynot : Reasoning with the Awkward Squad , 2008 .

[8]  Chao Wang,et al.  Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop , 2006, CAV.

[9]  Alexander Aiken,et al.  Flow-sensitive type qualifiers , 2002, PLDI '02.

[10]  Frank Pfenning,et al.  Dependent types in practical programming , 1999, POPL '99.

[11]  Claude Marché,et al.  The Why/Krakatoa/Caduceus Platform for Deductive Program Verification , 2007, CAV.

[12]  Robert DeLine,et al.  Adoption and focus: practical linear types for imperative programming , 2002, PLDI '02.

[13]  Patrick Cousot,et al.  A static analyzer for large safety-critical software , 2003, PLDI '03.

[14]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[15]  J. Gregory Morrisett,et al.  L3: A Linear Language with Locations , 2007, Fundam. Informaticae.

[16]  Peter W. O'Hearn,et al.  Compositional Shape Analysis by Means of Bi-Abduction , 2011, JACM.

[17]  Shengchao Qin,et al.  Automated Verification of Shape and Size Properties Via Separation Logic , 2007, VMCAI.

[18]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, POPL.

[19]  Shuvendu K. Lahiri,et al.  Unifying type checking and property checking for low-level code , 2009, POPL '09.

[20]  Bor-Yuh Evan Chang,et al.  Relational inductive shape analysis , 2008, POPL '08.

[21]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[22]  George C. Necula,et al.  CCured in the real world , 2003, PLDI '03.

[23]  Alexander Aiken,et al.  Scalable error detection using boolean satisfiability , 2005, POPL '05.

[24]  Lars Birkedal,et al.  Ynot: dependent types for imperative programs , 2008, ICFP 2008.

[25]  George C. Necula,et al.  Dependent Types for Low-Level Programming , 2007, ESOP.

[26]  David Walker,et al.  Alias Types for Recursive Data Structures , 2000, Types in Compilation.

[27]  Hongwei Xi,et al.  Safe Programming with Pointers Through Stateful Views , 2005, PADL.

[28]  David Walker,et al.  Dynamic Typing with Dependent Types , 2004, IFIP TCS.

[29]  Andrew D. Gordon,et al.  Refinement Types for Secure Implementations , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[30]  Viktor Kuncak,et al.  Full functional verification of linked data structures , 2008, PLDI '08.

[31]  Miodrag Potkonjak,et al.  MediaBench: a tool for evaluating and synthesizing multimedia and communications systems , 1997, Proceedings of 30th Annual International Symposium on Microarchitecture.

[32]  Alexander Aiken,et al.  Checking and inferring local non-aliasing , 2003, PLDI '03.

[33]  Shmuel Sagiv,et al.  TVLA: A System for Implementing Static Analyses , 2000, SAS.

[34]  Greg Nelson,et al.  Extended static checking for Java , 2002, PLDI '02.

[35]  Joël Ouaknine,et al.  Automated Compositional Abstraction Refinement for Concurrent C Programs: A Two-Level Approach , 2003, SoftMC@CAV.