Cooperative Reasoning for Automatic Software Verification
Lead Research Organisation:
Heriot-Watt University
Department Name: S of Mathematical and Computer Sciences
Abstract
The proliferation of software across all aspects of modern life means that software failures can have significant economic, as well as social impact. The goal of being able to develop software that can be formally verified as correct with respect to its intended behaviour is therefore highly desirable. The foundations of such formal verification have a long anddistinguished history, dating back over fifty years. What hasremained more elusive are scalable verification tools that can deal with the complexities of software systems.However, times are changing, as reflected by a current renaissance within the formal software verification community -- both in industryas well as academia. A significant recent development has been Separation Logic, a logic which promotes scalable reasoning forpointer programs. Pointers are a powerful and widely usedprogramming mechanism, but developing and maintaining correctpointer programs is notoriously hard. In terms of verification tools, the majority of effort has gone into developing light-weight analysis techniques for separation logic, such as shape analysis. Shape analysis ignores the contentof data, focusing instead on how data is structured. While such light-weight properties can be extremely valuable to industry,ultimately a more comprehensive level of specification is calledfor, i.e. correctness specifications. For instance, the verificationof software libraries against agreed correctness standards couldprove highly valuable across a wide range of sectors. However,to verify such comprehensive specifications requires more heavy-weight analysis, i.e. theorem proving. Our proposal focuses on the development of tools which willsupport the automatic verification of correctness specificationswithin separation logic. In particular, we will investigate how light- and heavy-weight approaches can be optimally combined. We propose a cooperative approach, in which individual techniques combine their strengths, but crucially compensate for each other's weaknesses through the communication of partial results and failures. To achieve this level of cooperation we will use a theorem proving technique called proof planning, which has a proven track-record in building cooperative reasoning tools. We plan to combine the proof planning approach with existing off-the-shelf shape analysis tools developed by Peter O'Hearn's research group at Queen Mary University (London). Note that our cooperative approach will also enhance the existing shape analysis tools, i.e. make the tools extensible and thus more widely applicable. If our cooperative style of integration is successful, then it could have a significant impact on reducing the cost of developing highly reliable software.
Organisations
People |
ORCID iD |
Andrew Ireland (Principal Investigator) |
Publications
Maclean E
(2016)
Proof automation for functional correctness in separation logic
in Journal of Logic and Computation
Maclean E
(2011)
Formal Methods and Software Engineering
Description | Pointers are widely used in the construction of software systems, they provide a powerful mechanism for storing and manipulating data within programs. However, developing and maintaining correct programs that use pointers is notoriously hard. Adopting an integrated approach, our CORE (COoperative REasoning) project focused on the challenge of verifying the correctness of pointer programs. Building upon a relatively new and novel programming logic called separation logic, we investigated the mechanisation of verification proofs for pointer programs. Our goal was to develop techniques that support the automatic verification of so called functional properties of pointer programs. That is, proving that a program delivers correct results. This involves reasoning about both the structure and content of the data, as well as how it is manipulated during program execution. For a given functional property, the construction of the verification proofs will typically require the discovery of auxiliary properties, i.e. loop invariants and frame invariants. Such properties can be seen as expressing the inner workings of the program, and represent a major challenge to automatic program proof. Our research directly addressed this challenge by developing an integrated approach to automating proof search and property discovery. We complement other research in this area, in particular work on shape analysis which supports the verification of structural properties of pointer programs. Specifically we used the shape analysis work as the starting point for our research, and see it as an integrated part of our approach. In terms of achievements, the CORE Project: + Developed a proof search strategy which we call mutation. Based on a principle of difference reduction, the strategy was designed to handle the kinds of separation logic proof obligations which arise when reasoning about the functionality of pointer programs that involve iteration (loops) or recursion. + Developed a term synthesis technique for the automatic discovery of loop and frame invariants - properties that are essential when reasoning about programs that involve iteration and recursion respectively. + Developed the CORE planner, a light-weight planning engine that supports the application of proof strategies, such as mutation. The CORE planner is also designed to cooperate with term synthesis, shape analysis, proof checking and graph rewriting tools in order to support automatic functional verification. + Developed a prototype visualizer which allows us to graphically animate the execution of pointer programs specified in separation logic. While this was not part of our original work plan, it proved to be a very useful aid to debugging programs as well as an effective interface to separation logic. + Evaluated our integrated approach to automating the verification of functional properties on a set of examples drawn in part from the publicly available Smallfoot (shape analysis) corpus. Given that Smallfoot focuses purely on shape, we added functional specifications in the form of pre- and postconditions. We also explored challenge examples from the literature, such as the "frying pan" example. As well as the CORE system, we produced four refereed international workshop papers, and have a journal paper and a conference papers currently under review. During the CORE Project our research generated interest with ITI Techmedia, a Scottish Government sponsored technology transfer agency. Through a Software Integrity Engineering programme, we secured three ITI consultancy contracts which involved us in exploring the automatic verification of array bound properties within the Java programming language, and resulted in the development of a proof-of-concept prototype analysis tool. This was applied research, and while informed by our CORE Project, was quite distinct. |
Exploitation Route | Our approach complements the work of other verification researchers that are working on separation logic. The visualization aspect of the project has potential uses in teaching algorithms that manipulate pointers. |
Sectors | Digital/Communication/Information Technologies (including Software) Education |
URL | http://www.macs.hw.ac.uk/core/ |