Dafny: An automatic program verifier for functional correctness. K. Rustan M. Leino, Research in Software Engineering (RiSE), Microsoft Research, Redmond. LPAR-16, Dakar, Senegal, 27 April 2010.
Dafny: An automatic program verifier for functional correctness

K. Rustan M. Leino

Research in Software Engineering (RiSE)

Microsoft Research, Redmond

LPAR-16

Dakar, Senegal

27 April 2010

Program verification

(Diagram; only the labels survive.) One axis runs from limited checking through extended static checking to functional correctness; the other from automatic decision procedures (SMT solvers) to interactive proof assistants. Labeled regions: traditional mechanical program verification; Dafny and others.

K. Rustan M. Leino

User interaction
  • Program oriented: invariants, assertions, …
  • Formula oriented: theorem-prover commands, tactics


Dafny demo: Binary search

Dafny
  • Object-based language
    • generic classes, no subclassing
    • object references, dynamic allocation
    • sequential control
  • Built-in specifications
    • pre- and postconditions
    • framing
    • loop invariants, inline assertions
    • termination
  • Specification support
    • Sets, sequences, algebraic datatypes
    • User-defined functions
    • Ghost variables


Top-level grammar
  • Program ::= Type*
  • Type ::= Class | Datatype
  • Class ::= class Name { Member* }
  • Member ::= Field | Method | Function
  • Datatype ::= datatype Name { Constructor* }
  • Generic (that is, accepts type parameters)


Types
  • Booleans
  • Mathematical integers
  • Finite sets
  • Sequences
  • Class types
  • Algebraic datatypes


Dafny demo: Calculator

Verification architecture

(Diagram; only the box labels survive.) Front ends: Dafny, Spec#, Java BML, Region Logic, C (VCC), C (HAVOC), Chalice, Eiffel. Intermediate verification language: Boogie. Back-end provers: Simplify, Z3, SMT Lib.


Dafny, Boogie, VC demo: From Dafny to verification-condition formulas

Axiomatizing functions
  • function F(x: T): U … { Body }
    • ∀x • F(x) = Body
  • datatype Tree { Leaf(int); Split(Tree,Tree); }
    function G(x: Tree): U … { match x case Leaf(n) ⇒ n case Split(a,b) ⇒ G(a) + G(b) }
    • ∀t • G(t) = if … else G(left(t)) + G(right(t))
    • ∀n • G(Leaf(n)) = n
    • ∀a,b • G(Split(a,b)) = G(a) + G(b)


Dafny demo: Schorr-Waite algorithm (diagram with the pointers root, prev and current)

Verifying termination
  • Functions
  • Loops
  • Methods
  • decreases clause
    • lexicographic tuple
    • components of tuple can be of any types
    • to compare, consider longest commonly typed prefix of the lexicographic tuple
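The following is an added illustration, not code from the slides, covering the "Axiomatizing functions" and "Verifying termination" slides together with the binary-search demo. It is written in current Dafny syntax (the 2010 deck wrote datatypes with braces and semicolons); the names G, GLeaf, GSplit and BinarySearch are chosen here.

```dafny
// Added illustration (not from the slides). Uses current Dafny syntax;
// the 2010 deck wrote datatypes as datatype Tree { Leaf(int); Split(Tree,Tree); }.
datatype Tree = Leaf(n: int) | Split(left: Tree, right: Tree)

// The slide's function G: sums the leaves. Recursion is on a structurally
// smaller Tree, so Dafny proves termination without an explicit decreases.
function G(x: Tree): int
{
  match x
  case Leaf(n) => n
  case Split(a, b) => G(a) + G(b)
}

// The per-constructor axioms from the slide, stated as lemmas; the verifier
// discharges both from the definitional axiom of G alone.
lemma GLeaf(n: int)
  ensures G(Leaf(n)) == n
{ }

lemma GSplit(a: Tree, b: Tree)
  ensures G(Split(a, b)) == G(a) + G(b)
{ }

// The binary-search demo with the specification forms listed on the
// "Dafny" slide: precondition, postconditions, loop invariants and an
// explicit decreases clause (a single-component lexicographic tuple).
method BinarySearch(a: array<int>, key: int) returns (index: int)
  requires forall i, j :: 0 <= i < j < a.Length ==> a[i] <= a[j]
  ensures 0 <= index ==> index < a.Length && a[index] == key
  ensures index < 0 ==> forall k :: 0 <= k < a.Length ==> a[k] != key
{
  var lo, hi := 0, a.Length;
  while lo < hi
    invariant 0 <= lo <= hi <= a.Length
    invariant forall k :: 0 <= k < lo ==> a[k] < key
    invariant forall k :: hi <= k < a.Length ==> a[k] > key
    decreases hi - lo
  {
    var mid := lo + (hi - lo) / 2;
    if a[mid] < key {
      lo := mid + 1;
    } else if a[mid] > key {
      hi := mid;
    } else {
      return mid;
    }
  }
  return -1;
}
```

Removing the decreases clause still verifies here because Dafny guesses hi - lo, but dropping the second or third invariant makes the final postcondition fail, which is the kind of feedback the "program oriented" interaction slide refers to.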


Dafny demo: Using a program to prove a theorem

Conclusions
  • Full functional-correctness verification is becoming more automatic
  • Interaction is moving closer to the problem domain
  • A well-designed language and verifier, plus a great SMT solver, go a long way

Dafny (and Boogie) open source: boogie.codeplex.com
