Results 1 - 7 of 7
A generic cyclic theorem prover
In APLAS'12, volume 7705 of LNCS, 2012
Cited by 14 (7 self)
Abstract. We describe the design and implementation of an automated theorem prover realising a fully general notion of cyclic proof. Our tool, called Cyclist, is able to construct proofs obeying a very general cycle scheme in which leaves may be linked to any other matching node in the proof, and to verify the general, global infinitary condition on such proof objects ensuring their soundness. Cyclist is based on a new, generic theory of cyclic proofs that can be instantiated to a wide variety of logics. We have developed three such concrete instantiations, based on: (a) first-order logic with inductive definitions; (b) entailments of pure separation logic; and (c) Hoare-style termination proofs for pointer programs. Experiments run on these instantiations indicate that Cyclist offers significant potential as a future platform for inductive theorem proving.
Verified heap theorem prover by paramodulation
In preparation, 2011
Cited by 6 (1 self)
We present VeriStar, a verified theorem prover for a decidable subset of separation logic. Together with VeriSmall [2], a proved-sound Smallfoot-style program analysis for C minor, VeriStar demonstrates that fully machine-checked static analyses equipped with efficient theorem provers are now within the reach of formal methods. As a pair, VeriStar and VeriSmall represent the first application of the Verified Software Toolchain [3], a tightly integrated collection of machine-verified program logics and compilers giving foundational correctness guarantees. VeriStar is (1) purely functional, (2) machine-checked, (3) end-to-end, (4) efficient and (5) modular. By purely functional, we mean it is implemented in Gallina, the pure functional programming language embedded in the Coq theorem prover. By machine-checked, we mean it has a proof in Coq that when the prover says "valid", the checked entailment holds in a proved-sound separation logic for C minor. By end-to-end, we mean that when the static analysis plus theorem prover says a C minor program is safe, the program will be compiled to a semantically equivalent assembly program that runs on real hardware. By efficient, we mean that the prover implements a state-of-the-art algorithm for deciding heap entailments and uses highly tuned verified functional data structures. By modular, we mean that VeriStar can be retrofitted to other static analyses as a plug-compatible entailment checker and its soundness proof can easily be ported to other separation logics.
Automating proofs of data-structure properties in imperative programs
CoRR
Cited by 1 (0 self)
We consider the problem of automated reasoning about dynamically manipulated data structures. The state-of-the-art methods are limited to the unfold-and-match (U+M) paradigm, where predicates are transformed via (un)folding operations induced from their definitions before being treated as uninterpreted. However, proof obligations from verifying programs with iterative loops and multiple function calls often do not succumb to this paradigm. Our contribution is a proof method which, beyond U+M, performs automatic formula rewriting by treating previously encountered obligations in each proof path as possible induction hypotheses. This enables us, for the first time, to systematically reason about a wide range of obligations arising from practical program verification. We demonstrate the power of our proof rules on commonly used lemmas, thereby closing the remaining gaps in existing state-of-the-art systems. Another impact, probably more important, is that our method regains the power of compositional reasoning, and shows that the usage of user-provided lemmas is no longer needed for the existing set of benchmarks. This not only removes the burden of coming up with the appropriate lemmas, but also significantly boosts the verification process, since lemma applications, coupled with unfolding, often induce a very large search space.
Learning to Verify the Heap
Abstract. We present a data-driven verification framework to automatically prove memory safety and functional correctness of heap programs. For this, we introduce a novel statistical machine learning technique that maps observed program states to (possibly disjunctive) separation logic formulas describing the invariant shape of (possibly nested) data structures at relevant program locations. We then attempt to verify these predictions using a theorem prover, where counterexamples to a predicted invariant are used as additional input to the shape predictor in a refinement loop. After obtaining valid shape invariants, we use a second learning algorithm to strengthen them with data invariants, again employing a refinement loop using the underlying theorem prover. We have implemented our techniques in Cricket, an extension of the GRASShopper verification tool. Cricket is able to automatically prove memory safety and correctness of implementations of a variety of classical heap-manipulating programs such as insertion sort, quicksort and traversals of nested data structures.
Automating Program Proofs Based on Separation Logic with Inductive Definitions
Abstract. This paper investigates the use of Separation Logic with inductive definitions in reasoning about programs that manipulate dynamic data structures. We propose a novel approach for exploiting the inductive definitions in automating program proofs based on inductive invariants. We focus on iterative programs, although our techniques apply to recursive programs as well, and on specifications that describe not only the shape of the data structures, but also their content or their size. This approach is based on a careful inspection of the typical lemmas needed in such program proofs and on efficiently checkable criteria for recognizing inductive definitions that satisfy these lemmas. Empirically, we find that our approach is powerful enough to deal with sophisticated benchmarks, e.g., iterative procedures for searching, inserting, or deleting elements in binary search trees, red-black trees, and AVL trees, in a very efficient way.
On Automated Lemma Generation for Separation Logic with Inductive Definitions
Abstract. Separation Logic with inductive definitions is a well-known approach for deductive verification of programs that manipulate dynamic data structures. Deciding verification conditions in this context is usually based on user-provided lemmas relating the inductive definitions. We propose a novel approach for generating these lemmas automatically which is based on simple syntactic criteria and deterministic strategies for applying them. Our approach focuses on iterative programs, although it can be applied to recursive programs as well, and on specifications that describe not only the shape of the data structures, but also their content or their size. Empirically, we find that our approach is powerful enough to deal with sophisticated benchmarks, e.g., iterative procedures for searching, inserting, or deleting elements in sorted lists, binary search trees, red-black trees, and AVL trees, in a very efficient way.
Proving Data Structure Properties by Automatic Induction
We consider the problem of automated program verification with emphasis on reasoning about dynamically manipulated data structures. Presently, the state-of-the-art methods are limited to the unfold-and-match (U+M) paradigm, where predicates are transformed by fold/unfold operations induced from their recursive definitions. A crucial limitation of U+M is that it cannot in general prove properties between different predicates. Our contribution is a method which can automatically detect and employ induction hypotheses in the proof process, thereby providing, for the first time, a systematic and general method for reasoning about different predicates. After arguing that the need for this is in fact widespread in practice, we finally demonstrate our method experimentally.