1 / 15

Dafny An automatic program verifier for functional correctness

Dafny An automatic program verifier for functional correctness. K. Rustan M. Leino Research in Software Engineering ( RiSE ) Microsoft Research, Redmond. LPAR-16 Dakar, Senegal 27 April 2010. Program verification. traditional mechanical program verification. Dafny and others.

moses
Download Presentation

Dafny An automatic program verifier for functional correctness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DafnyAn automatic program verifierfor functional correctness K. Rustan M. Leino Research in Software Engineering (RiSE) Microsoft Research, Redmond LPAR-16 Dakar, Senegal 27 April 2010

  2. Program verification traditional mechanical program verification Dafnyand others functional correctness extended static checking limited checking automaticdecision procedures (SMT solvers) interactiveproof assistants K. Rustan M. Leino

  3. User interaction Program oriented: invariants, assertions, … Formula oriented: theorem-prover commands, tactics K. Rustan M. Leino

  4. Dafny demo Binary search

  5. Dafny • Object-based language • generic classes, no subclassing • object references, dynamic allocation • sequential control • Built-in specifications • pre- and postconditions • framing • loop invariants, inline assertions • termination • Specification support • Sets, sequences, algebraic datatypes • User-defined functions • Ghost variables K. Rustan M. Leino

  6. Top-level grammar • Program ::= Type* • Type ::= Class | Datatype • Class ::= class Name { Member* } • Member ::= Field | Method | Function • Datatype ::= datatype Name { Constructor* } • Generic (that is, accepts type parameters) K. Rustan M. Leino

  7. Types • Booleans • Mathematical integers • Finite sets • Sequences • Class types • Algebraic datatypes K. Rustan M. Leino

  8. Dafny demo Calculator

  9. Verification architecture Dafny Spec# Java BML Region Logic C(VCC) C (HAVOC) Chalice Eiffel Boogie Simplify Z3 SMT Lib … K. Rustan M. Leino

  10. Dafny, Boogie, VC demo From Dafny to verification-condition formulas

  11. Axiomatizing functions • function F(x: T): U … { Body } • (x  F(x) = Body) • datatype Tree { Leaf(int); Split(Tree,Tree); } function G(x: Tree): U …{ match xcase Leaf(n)  ncase Split(a,b) G(a) + G(b) } • (t G(t) = if … else G(left(t)) + G(right(t))) • (n  G(Leaf(n)) = n) • (a,b G(Split(a,b)) = G(a) + G(b)) K. Rustan M. Leino

  12. Dafny root demo prev current Schorr-Waite algorithm

  13. Verifying termination • Functions • Loops • Methods • decreases clause • lexicographic tuple • components of tuple can be of any types • to compare, consider longest commonly typed prefix of the lexicographic tuple K. Rustan M. Leino

  14. Dafny demo Using a program to prover a theorem

  15. Conclusions • Full functional-correctness verification is becoming more automatic • Interaction is moving closer to the problem domain • A well-designed language and verifier,plus a great SMT solver, go a long way Dafny (and Boogie) open source: boogie.codeplex.com K. Rustan M. Leino

More Related