Results 1  10
of
15
Implicit Dynamic Frames
, 2011
"... An important, challenging problem in the verification of imperative programs with shared, mutable state is the frame problem in the presence of data abstraction. That is, one must be able to specify and verify upper bounds on the set of memory locations a method can read and write without exposing t ..."
Abstract

Cited by 14 (5 self)
 Add to MetaCart
An important, challenging problem in the verification of imperative programs with shared, mutable state is the frame problem in the presence of data abstraction. That is, one must be able to specify and verify upper bounds on the set of memory locations a method can read and write without exposing that method’s implementation. Separation logic is now widely considered the most promising solution to this problem. However, unlike conventional verification approaches, separation logic assertions cannot mention heapdependent expressions from the host programming language such as method calls familiar to many developers. Moreover, separation logicbased verifiers are often based on symbolic execution. These symbolic executionbased verifiers typically do not support nonseparating conjunction, and some of them rely on the developer to explicitly fold and unfold predicate definitions. Furthermore, several researchers have wondered whether it is possible to use verification condition generation and standard firstorder provers instead of symbolic execution to automatically verify conformance with a separation logic specification. In this paper, we propose a variant of separation logic, called implicit dynamic frames, that supports heapdependent expressions inside assertions. Conformance with an implicit dynamic frames specification can be checked by proving validity of a number of firstorder verification conditions. To show that these verification
SecurityTyped Programming within DependentlyTyped Programming
"... Abstract. Several recent securitytyped programming languages allow programmers to express and enforce authorization policies governing access to controlled resources. Policies are expressed as propositions in an authorization logic, and enforced by a type system that requires each access to a sensi ..."
Abstract

Cited by 14 (2 self)
 Add to MetaCart
Abstract. Several recent securitytyped programming languages allow programmers to express and enforce authorization policies governing access to controlled resources. Policies are expressed as propositions in an authorization logic, and enforced by a type system that requires each access to a sensitive resource to be accompanied by a proof. The securitytyped languages described in the literature, such as Aura and PCML5, have been presented as new, standalone language designs. In this paper, we instead show how to embed a securitytyped programming language within an existing dependently typed programming language, Agda. This languagedesign strategy allows us to inherit both the metatheoretic results, such as type safety, and the implementation of the host language. Our embedding consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning’s BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we define an indexed monad of computations on behalf of a principal, with proofcarrying primitive operations. Our work shows that a dependently typed language can be used to prototype a securitytyped language, and contributes to the growing body of literature on using dependently typed languages to construct domainspecific type systems. 1
Typebased data structure verification
 In PLDI
, 2009
"... We present a refinement typebased approach for the static verification of complex data structure invariants. Our approach is based on the observation that complex data structures are typically fashioned from two elements: recursion (e.g., lists and trees), and maps (e.g., arrays and hash tables). W ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
We present a refinement typebased approach for the static verification of complex data structure invariants. Our approach is based on the observation that complex data structures are typically fashioned from two elements: recursion (e.g., lists and trees), and maps (e.g., arrays and hash tables). We introduce two novel typebased mechanisms targeted towards these elements: recursive refinements and polymorphic refinements. These mechanisms automate the challenging work of generalizing and instantiating rich universal invariants by piggybacking simple refinement predicates on top of types, and carefully dividing the labor of analysis between the type system and an SMT solver [6]. Further, the mechanisms permit the use of the abstract interpretation framework of liquid type inference [22] to automatically synthesize complex invariants from simple logical qualifiers, thereby almost completely automating the verification. We have implemented our approach in DSOLVE, which uses liquid types to verify OCAML programs. We present experiments that show that our typebased approach reduces the manual annotation required to verify complex properties like sortedness, balancedness, binarysearchordering, and acyclicity by more than an order of magnitude.
LowLevel Liquid Types ∗
"... We present LowLevel Liquid Types, a refinement type system for C based on Liquid Types. LowLevel Liquid Types combine refinement types with three key elements to automate verification of critical safety properties of lowlevel programs: First, by associating refinement types with individual heap l ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
We present LowLevel Liquid Types, a refinement type system for C based on Liquid Types. LowLevel Liquid Types combine refinement types with three key elements to automate verification of critical safety properties of lowlevel programs: First, by associating refinement types with individual heap locations and precisely tracking the locations referenced by pointers, our system is able to reason about complex invariants of inmemory data structures and sophisticated uses of pointer arithmetic. Second, by adding constructs which allow strong updates to the types of heap locations, even in the presence of aliasing, our system is able to verify properties of inmemory data structures in spite of temporary invariant violations. By using this strong update mechanism, our system is able to verify the correct initialization of newlyallocated regions of memory. Third, by using the abstract interpretation framework of Liquid Types, we are able to use refinement type inference to automatically verify important safety properties without imposing an onerous annotation burden. We have implemented our approach in CSOLVE, a tool for LowLevel Liquid Type inference for C programs. We demonstrate through several examples that CSOLVE is able to precisely infer complex invariants required to verify important safety properties, like the absence of array bounds violations and nulldereferences, with a minimal annotation overhead.
Dependently Typed Programming with DomainSpecific Logics
 SUBMITTED TO POPL ’09
, 2008
"... We define a dependent programming language in which programmers can define and compute with domainspecific logics, such as an accesscontrol logic that statically prevents unauthorized access to controlled resources. Our language permits programmers to define logics using the LF logical framework, ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
We define a dependent programming language in which programmers can define and compute with domainspecific logics, such as an accesscontrol logic that statically prevents unauthorized access to controlled resources. Our language permits programmers to define logics using the LF logical framework, whose notion of binding and scope facilitates the representation of the consequence relation of a logic, and to compute with logics by writing functional programs over LF terms. These functional programs can be used to compute values at runtime, and also to compute types at compiletime. In previous work, we studied a simplytyped framework for representing and computing with variable binding [LICS 2008]. In this paper, we generalize our previous type theory to account for dependently typed inference rules, which are necessary to adequately represent domainspecific logics, and we present examples of using our type theory for certified software and mechanized metatheory.
Specification and Automatic Verification of Frame Properties for Javalike Programs
, 2009
"... ..."
Foundations and Applications of HigherDimensional Directed Type Theory
"... Intuitionistic type theory [43] is an expressive formalism that unifies mathematics and computation. A central concept is the propositionsastypes principle, according to which propositions are interpreted as types, and proofs of a proposition are interpreted as programs of the associated type. Mat ..."
Abstract
 Add to MetaCart
Intuitionistic type theory [43] is an expressive formalism that unifies mathematics and computation. A central concept is the propositionsastypes principle, according to which propositions are interpreted as types, and proofs of a proposition are interpreted as programs of the associated type. Mathematical propositions are thereby to be understood as specifications, or problem descriptions, that are solved by providing a program that meets the specification. Conversely, a program can, by the same token, be understood as a proof of its type viewed as a proposition. Over the last quartercentury type theory has emerged as the central organizing principle of programming language research, through the identification of the informal concept of language features with type structure. Numerous benefits accrue from the identification of proofs and programs in type theory. First, it provides the foundation for integrating types and verification, the two most successful formal methods used to ensure the correctness of software. Second, it provides a language for the mechanization of mathematics in which proof checking is equivalent to type checking, and proof search is equivalent to writing a program to meet a specification.
TypeBased Data Structure Verification
"... Author information hidden for doubleblind review We present a refinement typebased approach for the static verification of complex data structure invariants. Our approach is based on the observation that complex data structures are often fashioned from two elements: recursion (e.g., lists and tree ..."
Abstract
 Add to MetaCart
Author information hidden for doubleblind review We present a refinement typebased approach for the static verification of complex data structure invariants. Our approach is based on the observation that complex data structures are often fashioned from two elements: recursion (e.g., lists and trees), and maps (e.g., arrays and hash tables). We introduce two novel typebased mechanisms targeted towards these elements: recursive refinements and polymorphic refinements. These mechanisms automate the challenging work of generalizing and instantiating rich universal invariants by piggybacking simple refinement predicates on top of types, and carefully dividing the labor of analysis between the type system and an SMT solver [6]. Further, the mechanisms permit the use of the abstract interpretation framework of liquid type inference [18] to automatically synthesize complex invariants from simple logical qualifiers, thereby almost completely automating the verification. We have implemented our approach in DSOLVE, which uses liquid types to verify OCAML programs. We present experiments that show that our typebased approach reduces the manual annotations required to verify complex properties like sortedness, balancedness, binarysearchordering, and acyclicity by more than an order of magnitude. 1.
Generator
, 2011
"... Abstract: Deductionbased software verification tools have reached a maturity allowing them to be used in industrial context where a very high level of assurance is required. This raises the question of the level of confidence we can grant to the tools themselves. We present a certified implementati ..."
Abstract
 Add to MetaCart
Abstract: Deductionbased software verification tools have reached a maturity allowing them to be used in industrial context where a very high level of assurance is required. This raises the question of the level of confidence we can grant to the tools themselves. We present a certified implementation of a verification condition generator. An originality is its genericity with respect to the logical context, which allows us to produce proof obligations for a large class of theorem provers. This implementation is conducted within the Coq proof assistant, and is crafted so that it can be extracted into a standalone executable, independent of Coq, which is another originality.
VeriFast for Java: A Tutorial
"... Abstract. VeriFast is a separation logicbased program verifier for Java. This tutorial introduces the verifier’s features step by step. 1 ..."
Abstract
 Add to MetaCart
Abstract. VeriFast is a separation logicbased program verifier for Java. This tutorial introduces the verifier’s features step by step. 1