Results 1 
7 of
7
Ynot: Dependent types for imperative programs
 In Proceedings of ICFP 2008
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 36 (10 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
Ynot: Reasoning with the awkward squad
 In ACM SIGPLAN International Conference on Functional Programming
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
Practical tactics for separation logic
 In TPHOLs, volume 5674 of LNCS
, 2009
"... Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard logic of a proof assistant. We have developed tactics for the simplification, rearranging, splitting, matching and rewriting of separation logic assertions as well as the discharging of a program verification condition using a separation logic description of the machine state. We have implemented our tactics in the Coq proof assistant, applying them to a deep embedding of Cminor, a Clike intermediate language used by Leroy’s verified CompCert compiler. We have used our tactics to verify the safety and completeness of a Cheney copying garbage collector written in Cminor. Our ideas should be applicable to other substructural logics and imperative languages. 1
A Primer on Separation Logic (and Automatic Program Verification and Analysis)
"... Abstract. These are the notes to accompany a course at the Marktoberdorf PhD summer school in 2011. The course consists of an introduction to separation logic, with a slant towards its use in automatic program verification and analysis. ..."
Abstract
 Add to MetaCart
Abstract. These are the notes to accompany a course at the Marktoberdorf PhD summer school in 2011. The course consists of an introduction to separation logic, with a slant towards its use in automatic program verification and analysis.
Noname manuscript No. (will be inserted by the editor) On Construction of a Library of Formally Verified Lowlevel Arithmetic Functions
"... the date of receipt and acceptance should be inserted later Abstract Arithmetic functions are used in many important computer programs such as computer algebra systems and cryptographic software. The latter are critical applications whose correct implementation deserves to be formally guaranteed. Th ..."
Abstract
 Add to MetaCart
the date of receipt and acceptance should be inserted later Abstract Arithmetic functions are used in many important computer programs such as computer algebra systems and cryptographic software. The latter are critical applications whose correct implementation deserves to be formally guaranteed. They are also computationintensive applications, so that programmers often resort to lowlevel assembly code to implement arithmetic functions. We propose an approach for the construction of a library of formally verified lowlevel arithmetic functions. To build our library, we first introduce a formalization of data structures for signed multiprecision arithmetic in lowlevel programs. We use this formalization to verify the implementation of several primitive arithmetic functions using Separation logic, an extension of Hoare logic to deal with pointers. Since this direct style of formal verification leads to technically involved specifications, we also propose for larger functions to show a formal simulation relation between pseudocode and assembly. This style of verification is illustrated with a concrete implementation of the binary extended gcd algorithm. 1
Separation Logic + Superposition Calculus = Heap Theorem Prover
"... Program analysis and verification tools crucially depend on the ability to symbolically describe and reason about sets of program behaviors. Separation logic provides a promising foundation for dealing with heap manipulating programs, while the development of practical automated deduction/satisfiabi ..."
Abstract
 Add to MetaCart
Program analysis and verification tools crucially depend on the ability to symbolically describe and reason about sets of program behaviors. Separation logic provides a promising foundation for dealing with heap manipulating programs, while the development of practical automated deduction/satisfiability checking tools for separation logic is a challenging problem. In this paper, we present an efficient, sound and complete automated theorem prover for checking validity of entailments between separation logic formulas with list segment predicates. Our theorem prover integrates separation logic inference rules that deal with list segments and a superposition calculus to deal with equality/aliasing between memory locations. The integration follows a modular combination approach that allows one to directly incorporate existing advanced techniques for firstorder reasoning with equality, as well as account for additional theories, e.g., linear arithmetic, using extensions of superposition. An experimental evaluation of our entailment prover indicates speedups of several orders of magnitude with respect to the available stateoftheart tools.