Results 1  10
of
18
Zeno: An automated prover for properties of recursive data structures
 In Cormac Flanagan and Barbara König, editors, Tools and Algorithms for the Construction and Analysis of Systems — 18th International Conference, TACAS 2012, volume 7214 of Lecture Notes in Computer Science
"... Abstract. Zeno is a new tool for the automatic generation of proofs of simple properties of functions over recursively defined data structures. It takes a Haskell program and an assertion as its goal and tries to contruct a proof for that goal. If successful, it converts the proof into Isabelle code ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Zeno is a new tool for the automatic generation of proofs of simple properties of functions over recursively defined data structures. It takes a Haskell program and an assertion as its goal and tries to contruct a proof for that goal. If successful, it converts the proof into Isabelle code. Zeno searches for a proof tree by iteratively reducing the goal into a conjunction of subgoals, terminating when all leaves are proven true. This process requires the exploration of many alternatives. We have adapted known, and developed new, heuristics for the reduction of the search space. Our new heuristics aim to promote the application of function definitions, and avoid the repetition of similar proof steps. We compare with the rippling based tool IsaPlanner and the industrial strength tool ACL2s on the basis of a test suite from the IsaPlanner website. We found that Zeno compared favourably with these tools both in terms of theorem proving power and speed. 1
HALO: Haskell to Logic through Denotational Semantics
"... Even welltyped programs can go wrong, by encountering a patternmatch failure, or simply returning the wrong answer. An increasinglypopular response is to allow programmers to write contracts that express semantic properties, such as crashfreedom or some useful postcondition. We study the static ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
(Show Context)
Even welltyped programs can go wrong, by encountering a patternmatch failure, or simply returning the wrong answer. An increasinglypopular response is to allow programmers to write contracts that express semantic properties, such as crashfreedom or some useful postcondition. We study the static verification of such contracts. Our main contribution is a novel translation to firstorder logic of both Haskell programs, and contracts written in Haskell, all justified by denotational semantics. This translation enables us to prove that functions satisfy their contracts using an offtheshelf firstorder logic theorem prover. 1.
Automating inductive proofs using theory exploration
 In Proceedings 24th International Conference on Automated Deduction (CADE24), LNCS
, 2013
"... Abstract. HipSpec is a system for automatically deriving and proving properties about functional programs. It uses a novel approach, combining theory exploration, counterexample testing and inductive theorem proving. HipSpec automatically generates a set of equational theorems about the available re ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
Abstract. HipSpec is a system for automatically deriving and proving properties about functional programs. It uses a novel approach, combining theory exploration, counterexample testing and inductive theorem proving. HipSpec automatically generates a set of equational theorems about the available recursive functions of a program. These equational properties make up an algebraic specification for the program and can in addition be used as a background theory for proving additional userstated properties. Experimental results are encouraging: HipSpec compares favourably to other inductive theorem provers and theory exploration systems. 1
On Induction for SMT Solvers
"... Abstract. Satisfiability modulo theory solvers are increasingly being used to solve quantified formulas over structures such as integers and term algebras. Quantifier instantiation combined with ground decision procedure alone is insufficient to prove many formulas of interest in such cases. We pre ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Satisfiability modulo theory solvers are increasingly being used to solve quantified formulas over structures such as integers and term algebras. Quantifier instantiation combined with ground decision procedure alone is insufficient to prove many formulas of interest in such cases. We present a set of techniques that introduce inductive reasoning into SMT solving algorithms that is sound with respect to the interpretation of structures in SMTLIB standard. The techniques include inductive strengthening of conjecture to be proven, as well as facility to automatically discover subgoals during an inductive proof, where subgoals themselves can be proven using induction. The techniques have been implemented in CVC4. Our experiments show that the developed techniques have good performance and coverage of a range of inductive reasoning problems. Our experiments also show the impact of different representations of natural numbers and quantifier instantiation techniques on the performance of inductive reasoning. Our solution is freely available in the CVC4 development repository. In addition its overall effectiveness, it has an advantage of accepting SMTLIB input and being integrated with other SMT solving techniques of CVC4. 1
Automating Theorem Proving with SMT
, 2013
"... The power and automation offered by modern satisfiabilitymodulotheories (SMT) solvers is changing the landscape for mechanized formal theorem proving. For instance, the SMTbased program verifier Dafny supports a number of proof features traditionally found only in interactive proof assistants, ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
The power and automation offered by modern satisfiabilitymodulotheories (SMT) solvers is changing the landscape for mechanized formal theorem proving. For instance, the SMTbased program verifier Dafny supports a number of proof features traditionally found only in interactive proof assistants, like inductive, coinductive, and declarative proofs. To show that proof tools rooted in SMT are growing up, this paper presents, using Dafny, a series of examples that illustrate how theorems are expressed and proved. Since the SMT solver takes care of many formal trivialities automatically, users can focus more of their time on the creative ingredients of proofs.
Computing with an SMT solver
, 2014
"... Abstract. Satisfiability modulo theories (SMT) solvers that support quantifier instantiations via matching triggers can be programmed to give practical support for userdefined theories. Care must be taken to avoid socalled matching loops, which may prevent termination of the solver. By design, suc ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Satisfiability modulo theories (SMT) solvers that support quantifier instantiations via matching triggers can be programmed to give practical support for userdefined theories. Care must be taken to avoid socalled matching loops, which may prevent termination of the solver. By design, such avoidance limits the extent to which the SMT solver is able to apply the definitions of userdefined functions. For some inputs to these functions, however, it is instead desireable to allow unadulterated use of the functions; in particular, if it is known that evaluation will terminate. This paper describes the program verifier Dafny’s SMT encoding of recursive userdefined functions. It then describes a novel encoding that, drawing on ideas from offline partial evaluation systems, lets the SMT solver evaluate “safe ” function applications while guarding against matching loops for others. 0
Verified Calculations
, 2013
"... Calculational proofs—proofs by stepwise formula manipulation—are praised for their rigor, readability, and elegance. It seems desirable to reuse this style, often employed on paper, in the context of mechanized reasoning, and in particular, program verification. This work leverages the power of SMT ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Calculational proofs—proofs by stepwise formula manipulation—are praised for their rigor, readability, and elegance. It seems desirable to reuse this style, often employed on paper, in the context of mechanized reasoning, and in particular, program verification. This work leverages the power of SMT solvers to machinecheck calculational proofs at the level of detail they are usually written by hand. It builds the support for calculations into the programming language and autoactive program verifier Dafny. The paper demonstrates that calculations integrate smoothly with other language constructs, producing concise and readable proofs in a wide range of problem domains: from mathematical theorems to correctness of imperative programs. The examples show that calculational proofs in Dafny compare favorably, in terms of readability and conciseness, with arguments written in other styles and proof languages.
Formalizing and Verifying a Modern Build Language
, 2014
"... CLOUDMAKE is a software utility that automatically builds executable programs and libraries from source code—a modern MAKE utility. Its design gives rise to a number of possible optimizations, like cached builds, and the executables to be built are described using a functional programming language ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
CLOUDMAKE is a software utility that automatically builds executable programs and libraries from source code—a modern MAKE utility. Its design gives rise to a number of possible optimizations, like cached builds, and the executables to be built are described using a functional programming language. This paper formally and mechanically verifies the correctness of central CLOUDMAKE algorithms. The paper defines the CLOUDMAKE language using an operational semantics, but with a twist: the central operation exec is defined axiomatically, making it pluggable so that it can be replaced by calls to compilers, linkers, and other tools. The formalization and proofs of the central CLOUDMAKE algorithms are done entirely in DAFNY, the proof engine of which is an SMTbased program verifier.
Type Systems for the Masses: Deriving Soundness Proofs and Efficient Checkers
"... The correct definition and implementation of nontrivial type systems is difficult and requires expert knowledge, which is not available to developers of domainspecific languages (DSLs) in practice. We propose Veritas, a workbench that simplifies the development of sound type systems. Veritas provi ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
The correct definition and implementation of nontrivial type systems is difficult and requires expert knowledge, which is not available to developers of domainspecific languages (DSLs) in practice. We propose Veritas, a workbench that simplifies the development of sound type systems. Veritas provides a single, highlevel specification language for type systems, from which it automatically tries to derive soundness proofs and efficient and correct typechecking algorithms. For verification, Veritas combines offtheshelf automated firstorder theorem provers with automated proof strategies specific to type systems. For deriving efficient type checkers, Veritas provides a collection of optimization strategies whose applicability to a given type system is checked through verification on a casebycase basis. We have developed a prototypical implementation of Veritas and used it to verify type soundness of the simplytyped lambda calculus and of parts of typed SQL. Our experience suggests that many of the individual verification steps can be automated and, in particular, that a high degree of automation is possible for type systems of DSLs. 1.
Coinduction Simply  Automatic Coinductive Proofs in a Program Verifier
, 2013
"... Program verification relies heavily on induction, which has received decades of attention in mechanical verification tools. When program correctness is best described by infinite structures, program verification is usefully aided also by coinduction, which has not benefited from the same degree of ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Program verification relies heavily on induction, which has received decades of attention in mechanical verification tools. When program correctness is best described by infinite structures, program verification is usefully aided also by coinduction, which has not benefited from the same degree of tool support. Coinduction is complicated to work with in interactive proof assistants and has had no previous support in dedicated program verifiers. This paper shows that an SMTbased program verifier can support reasoning about coinduction—handling infinite data structures, lazy function calls, and userdefined properties defined as greatest fixpoints, as well as letting users write coinductive proofs. Moreover, the support can be packaged to provide a simple user experience. The paper describes the features for coinduction in the language and verifier Dafny, defines their translation into input for a firstorder SMT solver, and reports on some encouraging initial experience.