8. Program Verification 8.5 Software verification tools
Discussion of refinement-based approach
• Advantages:
  - quite close to programming language and programmer
  - special IDEs for programs, specifications and proofs
  - can smoothly integrate powerful logics and dedicated automated techniques
• Disadvantages:
  - expensive solution
  - not very flexible w.r.t. extensions
  - meta-logical aspects cannot be handled
©Arnd Poetzsch-Heffter et al. TU Kaiserslautern 492
Subsection 8.5.3
Extended static checking
General approach
• Programming-language-specific front end/development environment
• Programming-language-specific specification language
• Verification condition generator (VCG)
• Automated prover to discharge the VCs
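The four components above, as an added example (not code from the lecture, from Spec# or from Boogie): a tiny guarded-command language stands in for the front end, boolean expressions over program variables for the specification language, a weakest-precondition function is the VC generator, and a bounded exhaustive enumeration over a small integer domain plays the automated prover (a real ESC hands the VC to an SMT solver such as Z3). The program, its invariant and the integer domain are constructed for the example. The loop is encoded the way Boogie does it: assert the invariant on entry, havoc the modified variables, assume the invariant, then either run one arbitrary iteration and re-establish the invariant or exit with the negated guard. The property checked is the bounds check of a copy loop, with a correct precondition and with a precondition that forgot the capacity bound.

```python
"""Added example: an extended-static-checking pipeline in miniature.

Front end    : programs as nested tuples in a guarded-command language
Spec language: pre/postconditions and loop invariants as boolean expressions
VCG          : weakest preconditions (wp) with a Boogie-style loop encoding
Prover       : bounded exhaustive enumeration over a small integer domain
               (stands in for an SMT solver such as Z3)
"""
from itertools import product

# ---- expressions: ('var', name) | ('const', v) | (op, args...) | ('forall', x, body)
def V(name):
    return ('var', name)

def C(value):
    return ('const', value)

OPS = {
    '+': lambda a, b: a + b,
    '<': lambda a, b: a < b,
    '<=': lambda a, b: a <= b,
    '==': lambda a, b: a == b,
    'and': lambda a, b: a and b,
    'not': lambda a: not a,
    'implies': lambda a, b: (not a) or b,
}

def subst(e, name, repl):
    """e[name := repl]; a 'forall' binding the same name shadows it."""
    tag = e[0]
    if tag == 'var':
        return repl if e[1] == name else e
    if tag == 'const':
        return e
    if tag == 'forall':
        _, bound, body = e
        return e if bound == name else ('forall', bound, subst(body, name, repl))
    return (tag,) + tuple(subst(a, name, repl) for a in e[1:])

def free_vars(e, bound=frozenset()):
    tag = e[0]
    if tag == 'var':
        return set() if e[1] in bound else {e[1]}
    if tag == 'const':
        return set()
    if tag == 'forall':
        return free_vars(e[2], bound | {e[1]})
    return set().union(*(free_vars(a, bound) for a in e[1:]))

def evaluate(e, env, domain):
    tag = e[0]
    if tag == 'var':
        return env[e[1]]
    if tag == 'const':
        return e[1]
    if tag == 'forall':            # bounded quantifier: ranges over `domain` only
        _, x, body = e
        return all(evaluate(body, {**env, x: v}, domain) for v in domain)
    return OPS[tag](*(evaluate(a, env, domain) for a in e[1:]))

# ---- commands: assign / assume / assert / havoc / seq / choice --------------
def wp(cmd, post):
    """Weakest precondition: the VC under which cmd establishes post."""
    tag = cmd[0]
    if tag == 'assign':
        return subst(post, cmd[1], cmd[2])
    if tag == 'assume':
        return ('implies', cmd[1], post)
    if tag == 'assert':
        return ('and', cmd[1], post)
    if tag == 'havoc':
        return ('forall', cmd[1], post)
    if tag == 'seq':
        for c in reversed(cmd[1:]):
            post = wp(c, post)
        return post
    if tag == 'choice':
        return ('and', wp(cmd[1], post), wp(cmd[2], post))
    raise ValueError(cmd)

def while_loop(guard, inv, body, modified):
    """Boogie-style loop encoding: inv on entry; then for an arbitrary iteration
    havoc the modified variables, assume inv, and either run the body under the
    guard and re-establish inv (then stop), or leave the loop with not guard."""
    one_iteration = ('seq', ('assume', guard), body, ('assert', inv), ('assume', C(False)))
    exit_loop = ('assume', ('not', guard))
    return ('seq', ('assert', inv), *(('havoc', x) for x in modified),
            ('assume', inv), ('choice', one_iteration, exit_loop))

def copy_loop(precondition):
    """for i in 0..n-1: buf[i] = src[i], where buf has capacity cap.
    The assert in the body is the bounds check an ESC has to discharge."""
    i, n, cap = V('i'), V('n'), V('cap')
    body = ('seq',
            ('assert', ('and', ('<=', C(0), i), ('<', i, cap))),   # buf[i] in bounds
            ('assign', 'i', ('+', i, C(1))))
    inv = ('and', ('<=', C(0), i), ('<=', i, n))                  # loop invariant
    return ('seq',
            ('assume', precondition),
            ('assign', 'i', C(0)),
            while_loop(('<', i, n), inv, body, ['i']),
            ('assert', ('==', i, n)))                              # postcondition

def prove(vc, domain=range(-1, 4)):
    """Bounded 'ATP': None if vc holds for every assignment of its free
    variables over domain, otherwise a counterexample environment."""
    names = sorted(free_vars(vc))
    for values in product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        if not evaluate(vc, env, domain):
            return env
    return None

SAFE_PRE = ('and', ('<=', C(0), V('n')), ('<=', V('n'), V('cap')))   # 0 <= n <= cap
WEAK_PRE = ('<=', C(0), V('n'))                                      # forgot n <= cap

def check(precondition):
    return prove(wp(copy_loop(precondition), C(True)))

if __name__ == '__main__':
    print('safe:', check(SAFE_PRE))   # None: VC valid
    print('weak:', check(WEAK_PRE))   # counterexample with n > cap, e.g. {'cap': -1, 'n': 1}
```

The counterexample is what an ESC reports back at the programmer: the prover found values for the free variables (here n and cap) under which the bounds check inside the loop cannot be established from the precondition and the invariant. The "prover" only enumerates a small domain, so a VC it accepts is only known to hold on that domain; the point of a real ATP or SMT solver is to decide it for all integers.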
Example systems
• Spec#: research.microsoft.com/en-us/projects/specsharp/
  - programming and specification language: Spec# (extension of C#)
  - specific focus on modularity of specifications
  - uses a first-order ATP
  - also supports dynamic checking
• VeriFast: people.cs.kuleuven.be/~bart.jacobs/verifast/
  - verifier for single-threaded and multi-threaded C and Java programs
  - pre- and postconditions written in separation logic
  - user guides the proofs by so-called "lemma functions"
  - uses the SMT solver Z3
• BLAST: mtc.epfl.ch/software-tools/blast/
  - software model checker for C programs
  - checks temporal safety properties
  - uses counterexample-guided automatic abstraction refinement (CEGAR)
  - either succeeds (property proved), provides a counterexample, or fails (e.g. does not terminate)
Typical architecture for ESC
Spec# tool architecture (pipeline):
  Spec# (annotated C#)
    -> Spec# Compiler
    -> Annotated CIL
    -> Boogie: BoogiePL Translator -> VC Generator -> Verification conditions -> Automated Theorem Prover
Discussion of extended static checking
• Advantages:
  - close to programming language and programmer
  - good integration with normal IDEs
  - in principle, no contact with the prover needed
• Disadvantages:
  - specifications less expressive (why?), in particular w.r.t. abstraction
  - error messages can be tricky if checking fails
  - helping the prover can get difficult
Subsection 8.5.4
Specification and refinement
General approach
• Support the formal development from software models to programs
• Relate software models on different levels of abstraction
• Prove refinement properties by generating verification conditions
• Possibly several provers to discharge the VCs (automated and/or interactive)
Example systems
• Event B: www.event-b.org/
  - correctness by construction in the tradition of VDM
  - system = software + environment: represented as transition systems
  - B notation following the Z notation
  - specific development and proof platform Rodin
  - programs are generated from the most concrete model
• KIV: www.informatik.uni-augsburg.de/lehrstuehle/swt/se/kiv/
  - formal systems development and interactive verification
  - specification support:
    - functional aspects: abstract data types and HOL
    - state-based aspects: programs and abstract state machines
  - supports various kinds of refinements
  - sophisticated IDE for proof engineering
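The general approach of this subsection (relate models on two levels of abstraction, generate refinement verification conditions, discharge them) and the Event-B bullet above, as an added example that is not code from the lecture, from Event-B or from Rodin: an abstract model of a session store (a set of active sessions with a concurrency limit) is refined by a concrete fixed-size slot array, and the refinement obligations for the login and logout events are discharged by exhaustively enumerating every concrete state over a constructed token universe. The obligation names GRD (guard strengthening), INV (invariant preservation) and SIM (action simulation) follow Event-B; the example simplifies by using a gluing relation that is a function from concrete to abstract state, so each obligation reduces to an equality check instead of a sequent handed to a prover. The weak logout guard is a constructed refinement bug: the concrete event accepts a token the abstract model never defined an event for.

```python
"""Added example: discharging refinement proof obligations by enumeration.

Abstract model : the set of active sessions, at most MAX of them
Concrete model : a tuple of MAX slots (None = free), as a server would store it
Gluing relation: abstract state = set of non-empty slots (a function here)
Obligations    : GRD  concrete guard implies abstract guard
                 INV  concrete event preserves the concrete invariant
                 SIM  concrete event simulates the abstract event under glue
"""
from itertools import product

TOKENS = ('a', 'b', 'c')   # constructed universe of session tokens
MAX = 2                    # server-side limit on concurrent sessions

# ---- abstract model ------------------------------------------------------
def abs_inv(s):
    return len(s) <= MAX

def abs_login_guard(s, t):
    return t not in s and len(s) < MAX

def abs_login(s, t):
    return s | {t}

def abs_logout_guard(s, t):
    return t in s

def abs_logout(s, t):
    return s - {t}

# ---- concrete model ------------------------------------------------------
def con_inv(c):
    used = [x for x in c if x is not None]
    return len(c) == MAX and len(used) == len(set(used))   # no duplicate sessions

def glue(c):
    """Gluing relation: the abstract state a concrete state represents."""
    return frozenset(x for x in c if x is not None)

def con_login_guard(c, t):
    return t not in c and None in c

def con_login(c, t):
    i = c.index(None)                   # first free slot
    return c[:i] + (t,) + c[i + 1:]

def con_logout_guard(c, t):
    return t in c

def con_logout_guard_weak(c, t):        # constructed refinement bug: any token accepted
    return True

def con_logout(c, t):
    return tuple(None if x == t else x for x in c)

def concrete_states():
    return [c for c in product((None,) + TOKENS, repeat=MAX) if con_inv(c)]

def check_refinement(con_guard, con_act, abs_guard, abs_act):
    """Return the violated obligations as (name, concrete state, parameter)."""
    failures = []
    for c in concrete_states():
        a = glue(c)
        for t in TOKENS:
            if not con_guard(c, t):
                continue
            if not abs_guard(a, t):                 # GRD
                failures.append(('GRD', c, t))
                continue
            c2 = con_act(c, t)
            if not con_inv(c2):                     # INV
                failures.append(('INV', c, t))
            a2 = abs_act(a, t)
            if glue(c2) != a2 or not abs_inv(a2):   # SIM
                failures.append(('SIM', c, t))
    return failures

def check_login():
    return check_refinement(con_login_guard, con_login, abs_login_guard, abs_login)

def check_logout():
    return check_refinement(con_logout_guard, con_logout, abs_logout_guard, abs_logout)

def check_logout_weak():
    return check_refinement(con_logout_guard_weak, con_logout, abs_logout_guard, abs_logout)

if __name__ == '__main__':
    print('login      :', check_login())        # []
    print('logout     :', check_logout())       # []
    print('weak logout:', check_logout_weak())  # GRD failures, e.g. ('GRD', (None, None), 'a')
```

The failing obligation names exactly what went wrong in the refinement step: the concrete guard was weakened, so the concrete system has behaviour (logging out an unknown token) that the abstract model, and therefore every property proved about it, says nothing about. Enumeration works here because the state space is tiny; Rodin generates the same obligations as sequents and hands them to automated or interactive provers.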
Discussion
• Software verification goes beyond program verification
• Other interesting aspects:
  - correctness of software evolution steps
  - correctness of refactorings
  - correctness of compilers and programming tools
Subsection 8.5.5
ATP: Automated theorem proving
Techniques for automated verification
A rough classification. Software verification tools use many techniques for automated proving, in particular:
• Superposition provers (e.g., SPASS, E)
• SMT solvers and model checkers (e.g., Z3, SPIN)
• Abstract interpretation and abstraction refinement