This paper presents a method for deriving an expression from the lowlevel code compiled from an expression in a high-level language. The input is the low-level code represented as blocks of code connected by goto statements, i.e., a control flow graph (CFG). The derived expression is in a form that can be used as input to an automatic theorem prover. The method is useful for program verification systems that take as input both programs and specifications after they have been compiled from a high-level language. This is the case for systems that encode specifications in an existing programming language and do not have a special compiler. The method always produces an expression, unlike the heuristics for decompilation which may fail. It is efficient: the resulting expression is linear in the size of the CFG by maintaining all sharing of subgraphs.

www.vscomp.org Abstract. We, the organizers and participants, report our experiences

www.vscomp.org Abstract. We, the organizers and participants, report our experiences

Abstract. The Hoare state monad provides a powerful means of structuring the verification of higher-order, stateful programs. However, most prior works involving the Hoare monad have been in the context of interactive proof assistants, imposing a significant cost both for computing verification conditions and for discharging their proofs. This paper aims to reduce this cost by automatically inferring verification conditions for programs using the Hoare monad. The inferred conditions can then be fed to a standard, first-order, automated theorem prover, e.g., an SMT solver. Our approach has several novelties and benefits. Most prominently, the specifications inferred for stateful functions involve the use of predicate transformers applied to arbitrary, polymorphic post-conditions. This allows us to easily implement a syntactic, unification-based type inference algorithm, even in the presence of calls to higher-order functions. We show how to structure specifications so that despite the use of higher-order logic in the types of higher-order functions, we can generate first-order verification conditions for many programs. The present work also has some limitations: we focus primarily on specification inference for (recursion-free) clients of higher-order libraries; the libraries themselves (as well as all loop invariants) require manual specifications. We have implemented our inference algorithm as a front-end to the F ⋆ compiler and report on a preliminary evaluation of our tool on a collection of benchmarks. 1

Training Centre of the United Nations University (UNU). It is based in Macao, and was founded in 1991. It started operations in July 1992. UNU-IIST is jointly funded by the government of Macao and the governments of the People’s Republic of China and Portugal through a contribution to the UNU Endowment Fund. As well as providing two-thirds of the endowment fund, the Macao authorities also supply UNU-IIST with its office premises and furniture and subsidise fellow accommodation. The mission of UNU-IIST is to assist developing countries in the application and development of software technology. UNU-IIST contributes through its programmatic activities: 1. Advanced development projects, in which software techniques supported by tools are applied, 2. Research projects, in which new techniques for software development are investigated, 3. Curriculum development projects, in which courses of software technology for universities in developing countries are developed, 4. University development projects, which complement the curriculum development projects by aiming to strengthen all aspects of computer science teaching in universities in developing countries, 5. Schools and Courses, which typically teach advanced software development techniques,

Abstract. A piece of code in a computer program is infeasible if it cannot be part of any normally-terminating execution of the program. Wedevelopanalgorithm for theautomatic detectionofall infeasible code in a program. We first translate the task of determining all infeasible code into the problem of finding all statements that can be covered by a feasible path. We prove that in order to identify all coverable statements, it is sufficient to find all coverable statements within a certain minimal subset. For this, our algorithm repeatedly queries an oracle, asking for the infeasibility of specific sets of control-flow paths. We present a sound implementation of the proposed algorithm on top of the Boogie program verifier utilizing a theorem prover to provide the oracle required by the algorithm. We show experimentally a drastic decrease in the number of theorem prover queries compared to existing approaches, resulting in an overall speedup of the entire computation.