Dafny: An automatic program verifier for functional correctness

Presentation Transcript

  1. Dafny: An automatic program verifier for functional correctness
  K. Rustan M. Leino
  Research in Software Engineering (RiSE), Microsoft Research, Redmond
  LPAR-16, Dakar, Senegal, 27 April 2010

  2. Program verification
  [Diagram; only its labels survive extraction.] Two axes position the approaches: degree of automation (interactive proof assistants at one end, automatic decision procedures, i.e. SMT solvers, at the other) against the strength of the property checked (limited checking, extended static checking, full functional correctness). Traditional mechanical program verification sits at functional correctness with interactive proof assistants; Dafny and others target functional correctness with automatic decision procedures.

  3. User interaction
  • Program oriented (Dafny): invariants, assertions, …
  • Formula oriented (interactive proof assistants): theorem-prover commands, tactics

  4. Dafny demo: Binary search

  5. Dafny
  • Object-based language
    • generic classes, no subclassing
    • object references, dynamic allocation
    • sequential control
  • Built-in specifications
    • pre- and postconditions
    • framing
    • loop invariants, inline assertions
    • termination
  • Specification support
    • sets, sequences, algebraic datatypes
    • user-defined functions
    • ghost variables

  6. Top-level grammar
  • Program ::= Type*
  • Type ::= Class | Datatype
  • Class ::= class Name { Member* }
  • Member ::= Field | Method | Function
  • Datatype ::= datatype Name { Constructor* }
  • Classes and datatypes are generic (that is, they accept type parameters)

  7. Types
  • Booleans
  • Mathematical integers
  • Finite sets
  • Sequences
  • Class types
  • Algebraic datatypes

  8. Dafny demo: Calculator

  9. Verification architecture
  [Diagram; only its labels survive extraction.] Front ends for several languages and logics (Dafny, Spec#, Java BML, Region Logic, C via VCC, C via HAVOC, Chalice, Eiffel) translate into the Boogie intermediate verification language; Boogie generates verification conditions and discharges them with a theorem prover (Simplify, Z3, any SMT-Lib solver, …).

  10. Dafny, Boogie, VC demo: from Dafny to verification-condition formulas

  11. Axiomatizing functions
  • function F(x: T): U … { Body }
    becomes the axiom (∀x • F(x) = Body)
  • datatype Tree { Leaf(int); Split(Tree,Tree); }
    function G(x: Tree): U … { match x case Leaf(n) ⇒ n case Split(a,b) ⇒ G(a) + G(b) }
    becomes (∀t • G(t) = if … else G(left(t)) + G(right(t)))
    and, one equation per constructor, (∀n • G(Leaf(n)) = n) and (∀a,b • G(Split(a,b)) = G(a) + G(b))
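The same datatype and function in current Dafny syntax, as an added example that is not from the talk, followed by a lemma whose proof is discharged entirely from the per-constructor equations the slide derives. Sum, Mirror and SumMirror are names chosen for this example.

```dafny
// Added example: the Tree datatype and a recursive function over it, in current
// Dafny syntax (the 2010 syntax on the slide used braces and semicolons).
datatype Tree = Leaf(int) | Split(Tree, Tree)

// The verifier axiomatizes Sum as on the slide: one equation for Leaf, one for Split.
function Sum(t: Tree): int {
  match t {
    case Leaf(n) => n
    case Split(a, b) => Sum(a) + Sum(b)
  }
}

function Mirror(t: Tree): Tree {
  match t {
    case Leaf(n) => Leaf(n)
    case Split(a, b) => Split(Mirror(b), Mirror(a))
  }
}

// A lemma is a ghost method: its body is a program, its postcondition a theorem.
// Each case is closed by the constructor equations for Sum and Mirror plus the
// induction hypotheses that the recursive lemma calls provide.
lemma SumMirror(t: Tree)
  ensures Sum(Mirror(t)) == Sum(t)
{
  match t {
    case Leaf(n) =>
    case Split(a, b) =>
      SumMirror(a);
      SumMirror(b);
  }
}
```

The two recursive calls are the induction hypotheses for the subtrees; Dafny checks that they are made on structurally smaller arguments, so the lemma cannot be used to prove itself.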

  12. Dafny demo: Schorr-Waite algorithm (diagram labels: root, prev, current)

  13. Verifying termination
  • Checked for functions, loops, and methods
  • decreases clause: a lexicographic tuple
    • components of the tuple can be of any types
    • to compare two tuples, consider the longest commonly typed prefix of the lexicographic tuple
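Two added examples of the decreases clause as a lexicographic tuple; they are not from the talk. Ackermann's function is the standard case in which the second component may grow as long as the first shrinks, and the second function mixes a datatype with a nat in one tuple. Ack, Nest and Size are names chosen for this example.

```dafny
// Added example: termination via lexicographic decreases tuples.

// Ackermann: the inner call lowers n with m fixed; the outer calls lower m while
// n may become arbitrarily large. The tuple (m, n) still decreases lexicographically.
function Ack(m: nat, n: nat): nat
  decreases m, n
{
  if m == 0 then n + 1
  else if n == 0 then Ack(m - 1, 1)
  else Ack(m - 1, Ack(m, n - 1))
}

datatype Nest = Empty | Pair(left: Nest, right: Nest)

// Components of different types: a Nest value is ordered by structural
// containment, the nat by its value. While n > 0 the structure stays put and n
// drops; once n reaches zero the recursion moves to a sub-structure and is free
// to reset n upward, because the first component has already decreased.
function Size(t: Nest, n: nat): nat
  decreases t, n
{
  if n > 0 then Size(t, n - 1)
  else match t {
    case Empty => 0
    case Pair(l, r) => 1 + Size(l, 3) + Size(r, 3)
  }
}
```

Dafny's default guess for a function is the parameter list in declaration order, which happens to be the right tuple for both functions here; writing the clause explicitly documents the termination argument, and the verifier reports the offending call if a recursive call ever fails to decrease it.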

  14. Dafny demo: Using a program to prove a theorem
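An added example of the slide's theme, not the demo itself: the theorem that appending two lists adds their lengths, proved by an ordinary while loop inside a lemma. The loop invariant carries the theorem and the decreases clause guarantees the proof terminates. List, Length, Append and LengthAppend are names chosen for this example.

```dafny
// Added example: a lemma whose proof is an imperative loop rather than a
// hand-written induction.
datatype List = Nil | Cons(head: int, tail: List)

function Length(xs: List): nat {
  match xs {
    case Nil => 0
    case Cons(_, t) => 1 + Length(t)
  }
}

function Append(xs: List, ys: List): List {
  match xs {
    case Nil => ys
    case Cons(h, t) => Cons(h, Append(t, ys))
  }
}

lemma LengthAppend(xs: List, ys: List)
  ensures Length(Append(xs, ys)) == Length(xs) + Length(ys)
{
  // Walk down xs. The invariant says the bookkeeping for the part already
  // walked is settled; when cur reaches Nil it reduces to the theorem.
  var cur := xs;
  while cur.Cons?
    invariant Length(Append(xs, ys)) - Length(Append(cur, ys))
              == Length(xs) - Length(cur)
    decreases cur
  {
    // Unfolding one step of Append and Length on Cons(h, t) preserves the equation.
    cur := cur.tail;
  }
}
```

The loop body does no computation of its own; each iteration is one application of the per-constructor equations of Append and Length, and the verifier checks that application, the loop exit, and termination (cur.tail is structurally smaller than cur) exactly as it would for executable code.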

  15. Conclusions
  • Full functional-correctness verification is becoming more automatic
  • Interaction is moving closer to the problem domain
  • A well-designed language and verifier, plus a great SMT solver, go a long way
  • Dafny (and Boogie) are open source: boogie.codeplex.com (CodePlex has since shut down; the projects now live at github.com/dafny-lang/dafny and github.com/boogie-org/boogie)