Results 1  10
of
22
Static contract checking for Haskell
 In Proceedings of the 36th Annual ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, POPL ’09
, 2009
"... Abstract Program errors are hard to detect and are costly both to programmers who spend significant efforts in debugging, and for systems that are guarded by runtime checks. Static verification techniques have been applied to imperative and objectoriented languages, like Java and C#, but few have ..."
Abstract

Cited by 45 (6 self)
 Add to MetaCart
(Show Context)
Abstract Program errors are hard to detect and are costly both to programmers who spend significant efforts in debugging, and for systems that are guarded by runtime checks. Static verification techniques have been applied to imperative and objectoriented languages, like Java and C#, but few have been applied to a higherorder lazy functional language, like Haskell. In this paper, we describe a sound and automatic static verification tool for Haskell, that is based on contracts and symbolic execution. Our approach is modular and gives precise blame assignments at compiletime in the presence of higherorder functions and laziness.
Unifying Type Checking and property checking for lowlevel code
, 2009
"... We present a unified approach to type checking and property checking for lowlevel code. Type checking for lowlevel code is challenging because type safety often depends on complex, programspecific invariants that are difficult for traditional type checkers to express. Conversely, property checking ..."
Abstract

Cited by 44 (15 self)
 Add to MetaCart
(Show Context)
We present a unified approach to type checking and property checking for lowlevel code. Type checking for lowlevel code is challenging because type safety often depends on complex, programspecific invariants that are difficult for traditional type checkers to express. Conversely, property checking for lowlevel code is challenging because it is difficult to write concise specifications that distinguish between locations in an untyped program’s heap. We address both problems simultaneously by implementing a type checker for lowlevel code as part of our property checker. We present a lowlevel formalization of a C program’s heap and its types that can be checked with an SMT solver, and we provide a decision procedure for checking type safety. Our type system is flexible enough to support a combination of nominal and structural subtyping for C, on a perstructure basis. We discuss several case studies that demonstrate the ability of this tool to express and check complex type invariants in lowlevel C code, including several small Windows device drivers.
Typebased data structure verification
 In PLDI
, 2009
"... We present a refinement typebased approach for the static verification of complex data structure invariants. Our approach is based on the observation that complex data structures are typically fashioned from two elements: recursion (e.g., lists and trees), and maps (e.g., arrays and hash tables). W ..."
Abstract

Cited by 21 (7 self)
 Add to MetaCart
(Show Context)
We present a refinement typebased approach for the static verification of complex data structure invariants. Our approach is based on the observation that complex data structures are typically fashioned from two elements: recursion (e.g., lists and trees), and maps (e.g., arrays and hash tables). We introduce two novel typebased mechanisms targeted towards these elements: recursive refinements and polymorphic refinements. These mechanisms automate the challenging work of generalizing and instantiating rich universal invariants by piggybacking simple refinement predicates on top of types, and carefully dividing the labor of analysis between the type system and an SMT solver [6]. Further, the mechanisms permit the use of the abstract interpretation framework of liquid type inference [22] to automatically synthesize complex invariants from simple logical qualifiers, thereby almost completely automating the verification. We have implemented our approach in DSOLVE, which uses liquid types to verify OCAML programs. We present experiments that show that our typebased approach reduces the manual annotation required to verify complex properties like sortedness, balancedness, binarysearchordering, and acyclicity by more than an order of magnitude.
Verifying Stateful Programs with Substructural State and Hoare Types
"... A variety of techniques have been proposed to verify stateful functional programs by developing Hoare logics for the state monad. For better automation, we explore a different point in the design space: we propose using affine types to model state, while relying on refinement type checking to prove ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
A variety of techniques have been proposed to verify stateful functional programs by developing Hoare logics for the state monad. For better automation, we explore a different point in the design space: we propose using affine types to model state, while relying on refinement type checking to prove assertion safety. Our technique is based on verification by translation, starting from FX, an imperative objectbased surface language with specifications including object invariants and Hoare triple computation types, and translating into FINE, a functional language with dependent refinements and affine types. The core idea of the translation is the division of a stateful object into a pure value and an affine token whose type mentions the current state of the object. We prove our methodology sound via a simulation between imperative FX programs and their functional FINE translation. Our approach enables modular verification of FX programs supported by an SMT solver. We demonstrate its versatility by several examples, including verifying clients of stateful APIs, even in the presence of aliasing, and tracking information flow through sideeffecting computations.
Hybrid contract checking via symbolic simplification
 In: Proceedings of the ACM SIGPLAN 2012 workshop on Partial evaluation and program manipulation
, 2012
"... appor t de r ech er ch e ..."
(Show Context)
Automating Theorem Proving with SMT
, 2013
"... The power and automation offered by modern satisfiabilitymodulotheories (SMT) solvers is changing the landscape for mechanized formal theorem proving. For instance, the SMTbased program verifier Dafny supports a number of proof features traditionally found only in interactive proof assistants, ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
The power and automation offered by modern satisfiabilitymodulotheories (SMT) solvers is changing the landscape for mechanized formal theorem proving. For instance, the SMTbased program verifier Dafny supports a number of proof features traditionally found only in interactive proof assistants, like inductive, coinductive, and declarative proofs. To show that proof tools rooted in SMT are growing up, this paper presents, using Dafny, a series of examples that illustrate how theorems are expressed and proved. Since the SMT solver takes care of many formal trivialities automatically, users can focus more of their time on the creative ingredients of proofs.
Certifying
, 2013
"... and reasoning about cost annotations of functional programs ..."
(Show Context)
Author manuscript, published in "HigherOrder and Symbolic Computation (2013)" Certifying and reasoning about cost annotations of functional programs ∗
, 2013
"... We present a socalled labelling method to insert cost annotations in a higherorder functional program, to certify their correctness with respect to a standard, typable compilation chain to assembly code including safe memory management, and to reason about them in a higherorder Hoare logic. 1 ..."
Abstract
 Add to MetaCart
(Show Context)
We present a socalled labelling method to insert cost annotations in a higherorder functional program, to certify their correctness with respect to a standard, typable compilation chain to assembly code including safe memory management, and to reason about them in a higherorder Hoare logic. 1
Lazy Least Fixed Points in ML
"... In this paper, we present an algorithm for computing the least solution of a system of monotone equations. This algorithm can be viewed as an effective form of the following wellknown fixed point theorem: Theorem Let V be a finite set of variables. Let (P, ≤, ⊥) be a partially ordered set ..."
Abstract
 Add to MetaCart
In this paper, we present an algorithm for computing the least solution of a system of monotone equations. This algorithm can be viewed as an effective form of the following wellknown fixed point theorem: Theorem Let V be a finite set of variables. Let (P, ≤, ⊥) be a partially ordered set
MSRINRIA Joint Centre
"... Abstract. We propose a flexible method for verifying the security of ML programs that use cryptography and recursive data structures. Our main applications are X.509 certificate chains, secure logs for multiparty games, and XML digital signatures. These applications are beyond the reach of automate ..."
Abstract
 Add to MetaCart
Abstract. We propose a flexible method for verifying the security of ML programs that use cryptography and recursive data structures. Our main applications are X.509 certificate chains, secure logs for multiparty games, and XML digital signatures. These applications are beyond the reach of automated cryptographic verifiers such as ProVerif, since they require some form of induction. They can be verified using refinement types (that is, types with embedded logical formulas, tracking security events). However, this entails replicating higherorder library functions and annotating each instance with its own logical pre and postconditions. Instead, we equip higherorder functions with precise, yet reusable types that can refer to the pre and postconditions of their functional arguments, using generic logical predicates. We implement our method by extending the F7 typechecker with automated support for these predicates. We evaluate our approach experimentally by verifying a series of security libraries and protocols. 1 Security Verification by Typing We intend to verify the security of programs that implement protocols and applications