Designing a type system for BoogiePL 2
K. Rustan M. Leino, Microsoft Research, Redmond, WA
10 Oct 2007, IFIP WG 2.3 meeting, Santa Fe, NM
Boogie verifier architecture
• Front ends: the Spec# compiler (Spec#), HAVOC (C), VerifiedC (C) and an MSIL translator all produce BoogiePL
• Static program verifier (Boogie): inference engine, then V.C. generator, which emits a verification condition
• The verification condition goes to an SMT solver (Z3), which answers "correct" or returns a list of errors
Modeling the heap
• a := o.f   |   a := Heap[o,f]   |   a := select(Heap, o, f)
• o.f := a   |   Heap[o,f] := a   |   Heap := Heap[o,f := a]   |   Heap := store(Heap, o, f, a)
Modeling records
• a := r.f   |   a := r[f]   |   a := select(r, f)
• r.f := a   |   r[f] := a   |   r := r[f := a]   |   r := store(r, f, a)
Select-of-store axioms
• (r,f,g,a f = g select(store(r,f,a), g) = a)
• (r,f,g,a f g select(store(r,f,a), g) = select(r,g))
Type system for intermediate verification language
• Types find errors in translation
• Some types are required by some provers (e.g., SMT-Lib)
Type of heap
• Heap: ref x Field Value
• HeapBool: ref x Field bool
• HeapInt: ref x Field int
• …
• Heap: . ref x Field
Type of records
• type Record;
• type Field ;
• function select: . Record x Field
• function store: . Record x Field x Record
Type of records (abbreviations)
• type R;
• type F;
• function select: . R x F
• function store: . R x F x R
Typed select-of-store axioms
• (: type (r: R, f: F, g: F, a: f = g select(store(r,f,a), g) = a))
• (: type, : type (r: R, f: F, g: F, a: f g select(store(r,f,a), g) = select(r,g)))   type error
Typed select-of-store axioms – type constraints
• (: type (r: R, f: F, g: F, a: f = g select(store(r,f,a), g) = a))
• (: type (r: R, f: F, g: F, a: f g select(store(r,f,a), g) = select(r,g)))
• (: type, : type | (r: R, f: F, g: F, a: select(store(r,f,a), g) = select(r,g)))
Typed select-of-store axioms – guarded types
• (: type (r: R, f: F, g: F, a: f = g select(store(r,f,a), g) = a))
• (: type, : type (r: R, f: F, g: F, a: f g select(store(r,f,a), g) = select(r,g)))
Frame conditions
• class C { int x; bool y; void M() modifies this.x, this.y; { … }
• const x: Field int;
  const y: Field bool;
  procedure M(this: ref);
  modifies Heap;
  ensures (: type (o: ref, f: Field Heap[o,f] = old(Heap)[o,f] (o = this f = x) (o = this f = y) … )
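The select-of-store axioms and the frame condition of M above, as an added executable model that is not code from the talk or from Boogie: fields carry their type parameter, store rejects ill-typed writes (the "types find errors in translation" point), both axioms are checked exhaustively over a small constructed heap, and M's postcondition is checked against a correct body and a frame-violating one. The names Field, run_M, run_M_buggy and the objects "this"/"other" are my own assumptions.

```python
from itertools import product
from typing import Any, Dict, FrozenSet, NamedTuple, Tuple
class Field(NamedTuple):
    name: str
    ty: type            # the alpha in "Field alpha": the type of the values the field holds

Heap = Dict[Tuple[str, Field], Any]   # constructed model: (o, f) -> value; absent keys read as None

def select(heap: Heap, o: str, f: Field):
    return heap.get((o, f))             # a := Heap[o, f]

def store(heap: Heap, o: str, f: Field, a) -> Heap:
    # Heap := Heap[o, f := a] as a pure function. The type check is the talk's point:
    # storing a bool into a `Field int` is an error in the translation, caught here.
    if type(a) is not f.ty:             # type(a), not isinstance: in Python bool is an int
        raise TypeError(f"{a!r} is not a {f.ty.__name__}; cannot store into field {f.name}")
    new = dict(heap)
    new[(o, f)] = a
    return new

def select_of_store_axioms_hold(heap: Heap, objs, fields, values) -> bool:
    """Exhaustively checks both select-of-store axioms on a finite domain.
    A Field carries its type, so f == g already forces the two type parameters to
    agree: the type constraint alpha = beta from the slides is built into equality."""
    for o, p, f, g, a in product(objs, objs, fields, fields, values):
        if type(a) is not f.ty:
            continue                                   # only well-typed stores are axiomatised
        lhs = select(store(heap, o, f, a), p, g)
        if (o, f) == (p, g) and lhs != a:              # axiom 1: same index reads the stored value
            return False
        if (o, f) != (p, g) and lhs != select(heap, p, g):   # axiom 2: other indices unchanged
            return False
    return True

def frame_condition_holds(old_heap: Heap, new_heap: Heap, this: str, objs, fields,
                          modifiable: FrozenSet[Field]) -> bool:
    # ensures (forall o: ref, f: Field alpha ::
    #          Heap[o,f] == old(Heap)[o,f] || (o == this && f == x) || (o == this && f == y))
    return all(select(new_heap, o, f) == select(old_heap, o, f) or (o == this and f in modifiable)
               for o, f in product(objs, fields))

# Constructed sample: class C { int x; bool y; } plus a field z that M must leave alone.
x, y, z = Field("x", int), Field("y", bool), Field("z", int)
OBJS, FIELDS = ("this", "other"), (x, y, z)
OLD: Heap = {("this", x): 1, ("this", y): False, ("other", x): 7, ("this", z): 3}
def run_M(heap: Heap, this: str) -> Heap:         # a body that respects "modifies this.x, this.y"
    return store(store(heap, this, x, 2), this, y, True)
def run_M_buggy(heap: Heap, this: str) -> Heap:   # also writes other.x, violating the frame
    return store(run_M(heap, this), "other", x, 0)
```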
Types and the theorem prover
• How to generate verification conditions targeting a theorem prover whose input is
  • untyped formulas, or
  • multi-sorted formulas
  and has no direct support for
  • parametric polymorphism,
  • type constraints,
  • guarded types,
  • … ?
Summary
• What types to include in BoogiePL 2?
• How to type equality?
• How to translate into more primitive type systems?
  • perhaps let this drive the other issues?