Results 1 - 7 of 7
VCC: A practical system for verifying concurrent C
In Conf. Theorem Proving in Higher Order Logics (TPHOLs), volume 5674 of LNCS
Cited by 88 (18 self)
VCC is an industrial-strength verification environment for low-level concurrent system code written in C. VCC takes a program (annotated with function contracts, state assertions, and type invariants) and attempts to prove the correctness of these annotations. It includes tools for monitoring proof attempts and constructing partial counterexample executions for failed proofs. This paper motivates VCC, describes our verification methodology, describes the architecture of VCC, and reports on our experience using VCC to verify the Microsoft Hyper-V hypervisor.
Satisfiability Modulo Software
2009
Cited by 3 (0 self)
Formal verification is the act of proving correctness of a hardware or software system using formal methods of mathematics. In the last decade formal hardware verification has seen an increasing usage of Satisfiability Modulo Theories (SMT) solvers. SMT solvers check satisfiability of first-order formulas, where certain symbols are interpreted according to background theories like integer or bit-vector arithmetic. Since the formulas used to encode correctness of hardware design are mostly quantifier-free, SMT solvers are built as theory-aware extensions of propositional satisfiability solvers. As a consequence, SMT solvers do not “naturally” support quantified formulas, which are needed for verification of complex software systems. Thus, while SMT solvers are already an industrially viable tool for formal hardware verification, software applications are not as developed. This thesis focuses on both the software verification specific problems in the construction of SMT solvers, as well as SMT-specific parts of a software verification system. On the SMT side, we present algorithms for efficient
Verification of Certifying Computations
Cited by 3 (3 self)
Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current verification tools and proving their correctness usually involves non-trivial mathematical theorems. Certifying algorithms compute in addition to each output a witness certifying that the output is correct. A checker for such a witness is usually much simpler than the original algorithm – yet it is all the user has to trust. Verification of checkers is feasible with current tools and leads to computations that can be completely trusted. In this paper we develop a framework to seamlessly verify certifying computations. The automatic verifier VCC is used for checking code correctness, and the interactive theorem prover Isabelle/HOL targets high-level mathematical properties of algorithms. We demonstrate the effectiveness of our approach by applying it to the verification of the algorithmic library LEDA.
European Microsoft Innovation
We give a case study for a Satisfiability Modulo Theories (SMT) solver usage in functional verification of a real-world operating system. In particular, we present a view of the E-matching pattern annotations on quantified formulas as a kind of logic programming language, used to encode semantics of the programming language undergoing verification. We postulate a few encoding patterns to be benchmark problems for a possible E-matching alternative. We also describe features required from the SMT solver in deductive software verification scenarios.
Deductive Verification of System Software in the Verisoft XT Project
The main goal of the Verisoft XT project is the creation of methods and tools which allow for the pervasive formal verification of integrated computer systems, and the prototypical realization of four concrete industrial application tasks. In this paper, we report on two of Verisoft XT’s subprojects, where formal verification is applied to real-world system software, namely Microsoft’s Hypervisor and the embedded operating system PikeOS. We describe the deductive verification technology used in Verisoft XT and the tool chain that implements these methods, including the C verifier called VCC and the SMT solver Z3.
Verification of Dependable Software using Spark
We present a link between the interactive proof assistant Isabelle/HOL and the Spark/Ada tool suite for the verification of high-integrity software. Using this link, we can tackle verification problems that are beyond reach of the proof tools currently available for Spark. To demonstrate that our methodology is suitable for real-world applications, we show how it can be used to verify an efficient library for big numbers. This library is then used as a basis for an implementation of the RSA public-key encryption algorithm in Spark/Ada.
A Developer-oriented Hoare Logic
Even with current automated reasoning technology, full functional verification requires human interaction to guide the proof: assignments to ghost variables (e.g. [1]) or intermediate assertions (e.g. [17]) need to be provided, and sometimes the prover’s deductions need to be examined in detail (e.g. [1, §7], [13]). Indeed, some authors have argued that the developer’s understanding will be necessary regardless of advances in automation (e.g. [17, §7.2], [8, §4.3], [2, §1.2]). For effective interaction, the user has to understand the generated verification conditions. While it is possible to relate them back to the source code by suitable highlights and annotations (e.g. [4, 9]), this approach does not cover the verification conditions themselves. For instance, the conditions usually express side-effects in the program by substitutions (e.g. [4, §4.2]), which in a weakest precondition calculus relate only loosely to a developer’s view on the code. We therefore propose to design the Hoare logic and verification environment itself to increase the developer’s understanding of the verification process. Taking lightweight separation [5, 6, 7] as the basis, this paper presents a suite of verification tools developed around that method and their application to case studies. Although the language treated is a C dialect with a finite byte-addressed