research-article

Mostly-automated verification of low-level programs in computational separation logic

Author:

Adam ChlipalaAuthors Info & Claims

ACM SIGPLAN Notices, Volume 46, Issue 6

Pages 234 - 245

https://doi.org/10.1145/1993316.1993526

Published: 04 June 2011 Publication History

Abstract

Several recent projects have shown the feasibility of verifying low-level systems software. Verifications based on automated theorem-proving have omitted reasoning about first-class code pointers, which is critical for tasks like certifying implementations of threads and processes. Conversely, verifications that deal with first-class code pointers have featured long, complex, manual proofs. In this paper, we introduce the Bedrock framework, which supports mostly-automated proofs about programs with the full range of features needed to implement, e.g., language runtime systems.

The heart of our approach is in mostly-automated discharge of verification conditions inspired by separation logic. Our take on separation logic is computational, in the sense that function specifications are usually written in terms of reference implementations in a purely functional language. Logical quantifiers are the most challenging feature for most automated verifiers; by relying on functional programs (written in the expressive language of the Coq proof assistant), we are able to avoid quantifiers almost entirely. This leads to some dramatic improvements compared to both past work in classical verification, which we compare against with implementations of data structures like binary search trees and hash tables; and past work in verified programming with code pointers, which we compare against with examples like function memoization and a cooperative threading library.

References

[1]

Mike Barnett, Bor-Yuh Evan Chang, Robert Deline, Bart Jacobs, and K. Rustan M. Leino. Boogie: A modular reusable verifier for object-oriented programs. In Proc. FMCO, 2006.

Digital Library

[2]

Josh Berdine, Cristiano Calcagno, and Peter W. O'Hearn. Smallfoot: Modular automatic assertion checking with separation logic. In Proc. FMCO, 2005.

Digital Library

[3]

Hongxu Cai, Zhong Shao, and Alexander Vaynberg. Certified self-modifying code. In Proc. PLDI, 2007.

Digital Library

[4]

Cristiano Calcagno, Dino Distefano, Peter O'Hearn, and Hongseok Yang. Compositional shape analysis by means of bi-abduction. In Proc. POPL, 2009.

Digital Library

[5]

Bor-Yuh Evan Chang and Xavier Rival. Relational inductive shape analysis. In Proc. POPL, 2008.

Digital Library

[6]

Arthur Charguéraud. Program verification through characteristic formulae. In Proc. ICFP, 2010.

Digital Library

[7]

Adam Chlipala, Gregory Malecha, Greg Morrisett, Avraham Shinnar, and Ryan Wisnesky. Effective interactive proofs for higher-order imperative programs. In Proc. ICFP, 2009.

Digital Library

[8]

Coq Development Team. The Coq proof assistant reference manual, version 8.3. 2010.

[9]

David Delahaye. A tactic language for the system Coq. In Proc. LPAR, 2000.

Digital Library

[10]

David Detlefs, Greg Nelson, and James B. Saxe. Simplify: a theorem prover for program checking. J. ACM, 52(3):365--473, 2005.

Digital Library

[11]

Xinyu Feng and Zhong Shao. Modular verification of concurrent assembly code with dynamic thread creation and termination. In Proc. ICFP, 2005.

Digital Library

[12]

Xinyu Feng, Zhong Shao, Yuan Dong, and Yu Guo. Certifying low-level programs with hardware interrupts and preemptive threads. In Proc. PLDI, 2008.

Digital Library

[13]

Xinyu Feng, Zhong Shao, Alexander Vaynberg, Sen Xiang, and Zhaozhong Ni. Modular verification of assembly code with stack-based control abstractions. In Proc. PLDI, 2006.

Digital Library

[14]

Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. Extended static checking for Java. In Proc. PLDI, 2002.

Digital Library

[15]

Nadeem Abdul Hamid and Zhong Shao. Interfacing Hoare logic and type systems for foundational proof-carrying code. In Proc. TPHOLs, 2004.

[16]

Chris Hawblitzel and Erez Petrank. Automated verification of practical garbage collectors. In Proc. POPL, 2009.

Digital Library

[17]

Bart Jacobs, Jan Smans, and Frank Piessens. A quick tour of the VeriFast program verifier. In Proc. APLAS, 2010.

Digital Library

[18]

Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. seL4: Formal verification of an OS kernel. In Proc. SOSP, 2009.

Digital Library

[19]

Viktor Kuncak, Ruzica Piskac, Philippe Suter, and Thomas Wies. Building a calculus of data structures (invited paper). In Proc. VMCAI, 2010.

Digital Library

[20]

Andrew McCreight. Practical tactics for separation logic. In Proc. TPHOLs, 2009.

Digital Library

[21]

Andrew McCreight, Zhong Shao, Chunxiao Lin, and Long Li. A general framework for certifying garbage collectors and their mutators. In Proc. PLDI, 2007.

Digital Library

[22]

Farhad Mehta and Tobias Nipkow. Proving pointer programs in higher-order logic. In Proc. CADE, 2003.

[23]

Aleksandar Nanevski, Greg Morrisett, Avraham Shinnar, Paul Govereau, and Lars Birkedal. Ynot: Reasoning with the awkward squad. In Proc. ICFP, 2008.

[24]

Zhaozhong Ni and Zhong Shao. Certified assembly programming with embedded code pointers. In Proc. POPL, 2006.

Digital Library

[25]

Zhaozhong Ni, Dachuan Yu, and Zhong Shao. Modular verification of machine-level thread implementation. Technical report, 2006.

[26]

Zhaozhong Ni, Dachuan Yu, and Zhong Shao. Using XCAP to certify realistic system code: Machine context management. In Proc. TPHOLs, 2007.

Digital Library

[27]

Lawrence C. Paulson. Isabelle: A generic theorem prover. Journal of Automated Reasoning, 5, 1994.

[28]

John C. Reynolds. Separation logic: A logic for shared mutable data structures. In Proc. LICS, 2002.

Digital Library

[29]

Mooly Sagiv, Thomas Reps, and Reinhard Wilhelm. Parametric shape analysis via 3-valued logic. TOPLAS, 24, 2002.

Digital Library

[30]

Jean Yang and Chris Hawblitzel. Safe to the last instruction: automated verification of a type-safe operating system. In Proc. PLDI, 2010.

Digital Library

[31]

Karen Zee, Viktor Kuncak, and Martin Rinard. Full functional verification of linked data structures. In Proc. PLDI, 2008.

Digital Library

[32]

Karen Zee, Viktor Kuncak, and Martin Rinard. An integrated proof language for imperative programs. In Proc. PLDI, 2009.

Digital Library

Cited By

Xu QSanan DHou ZLuan XWatt CLiu Y(2025)Generically Automating Separation Logic by Functors, Homomorphisms, and ModulesProceedings of the ACM on Programming Languages10.1145/37049039:POPL(1992-2024)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704903
de Almeida Borges AGonzález Bedmar MConejero Rodríguez JHermo Reyes ECasals Buñuel JJoosten JTimany ATraytel DPientka BBlazy S(2024)UTC Time, Formally VerifiedProceedings of the 13th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3636501.3636958(2-13)Online publication date: 9-Jan-2024
https://dl.acm.org/doi/10.1145/3636501.3636958
Kim JGu RShao Z(2024) : A simplified and abstract multicore hardware model for large scale system software formal verification Journal of Systems Architecture10.1016/j.sysarc.2023.103049147(103049)Online publication date: Feb-2024
https://doi.org/10.1016/j.sysarc.2023.103049
Show More Cited By

Index Terms

Mostly-automated verification of low-level programs in computational separation logic
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software organization and properties
    1. Software functional properties
      1. Correctness
      2. Formal methods
2. Theory of computation
  1. Logic
    1. Proof theory
  2. Semantics and reasoning
    1. Program reasoning
      1. Program verification

Recommendations

Mostly-automated verification of low-level programs in computational separation logic
PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation

Several recent projects have shown the feasibility of verifying low-level systems software. Verifications based on automated theorem-proving have omitted reasoning about first-class code pointers, which is critical for tasks like certifying ...
Effective interactive proofs for higher-order imperative programs
ICFP '09: Proceedings of the 14th ACM SIGPLAN international conference on Functional programming

We present a new approach for constructing and verifying higher-order, imperative programs using the Coq proof assistant. We build on the past work on the Ynot system, which is based on Hoare Type Theory. That original system was a proof of concept, ...
Effective interactive proofs for higher-order imperative programs
ICFP '09

We present a new approach for constructing and verifying higher-order, imperative programs using the Coq proof assistant. We build on the past work on the Ynot system, which is based on Hoare Type Theory. That original system was a proof of concept, ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 46, Issue 6

PLDI '11

June 2011

652 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/1993316

Issue’s Table of Contents

PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2011
668 pages
ISBN:9781450306638
DOI:10.1145/1993498
General Chair:
Mary Hall
University of Utah
,
Program Chair:
David Padua
University of Illinois at Urbana-Champaign

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 June 2011

Published in SIGPLAN Volume 46, Issue 6

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

159
Total Citations
View Citations
667
Total Downloads

Downloads (Last 12 months)43
Downloads (Last 6 weeks)10

Reflects downloads up to 12 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Xu QSanan DHou ZLuan XWatt CLiu Y(2025)Generically Automating Separation Logic by Functors, Homomorphisms, and ModulesProceedings of the ACM on Programming Languages10.1145/37049039:POPL(1992-2024)Online publication date: 9-Jan-2025
https://dl.acm.org/doi/10.1145/3704903
de Almeida Borges AGonzález Bedmar MConejero Rodríguez JHermo Reyes ECasals Buñuel JJoosten JTimany ATraytel DPientka BBlazy S(2024)UTC Time, Formally VerifiedProceedings of the 13th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3636501.3636958(2-13)Online publication date: 9-Jan-2024
https://dl.acm.org/doi/10.1145/3636501.3636958
Kim JGu RShao Z(2024) : A simplified and abstract multicore hardware model for large scale system software formal verification Journal of Systems Architecture10.1016/j.sysarc.2023.103049147(103049)Online publication date: Feb-2024
https://doi.org/10.1016/j.sysarc.2023.103049
Huyghebaert SKeuchel SDe Roover CDevriese DMeng WJensen CCremers CKirda E(2023)Formalizing, Verifying and Applying ISA Security Guarantees as Universal ContractsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616602(2083-2097)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616602
Keuchel SHuyghebaert SLukyanov GDevriese D(2022)Verified symbolic execution with Kripke specification monads (and no meta-programming)Proceedings of the ACM on Programming Languages10.1145/35476286:ICFP(194-224)Online publication date: 31-Aug-2022
https://dl.acm.org/doi/10.1145/3547628
Itzhaky SPeleg HPolikarpova NRowe RSergey I(2021)Deductive Synthesis of Programs with Pointers: Techniques, Challenges, OpportunitiesComputer Aided Verification10.1007/978-3-030-81685-8_5(110-134)Online publication date: 15-Jul-2021
https://doi.org/10.1007/978-3-030-81685-8_5
Charguéraud A(2020)Separation logic for sequential programs (functional pearl)Proceedings of the ACM on Programming Languages10.1145/34089984:ICFP(1-34)Online publication date: 3-Aug-2020
https://dl.acm.org/doi/10.1145/3408998
Lundberg DGuanciale RLindner ADam M(2020)Hoare-Style Logic for Unstructured ProgramsSoftware Engineering and Formal Methods10.1007/978-3-030-58768-0_11(193-213)Online publication date: 8-Sep-2020
https://doi.org/10.1007/978-3-030-58768-0_11
Sjöberg VSang YWeng SShao Z(2019)DeepSEA: a language for certified system softwareProceedings of the ACM on Programming Languages10.1145/33605623:OOPSLA(1-27)Online publication date: 10-Oct-2019
https://dl.acm.org/doi/10.1145/3360562
Qiu XWang Y(2019)A Decidable Logic for Tree Data-Structures with MeasurementsVerification, Model Checking, and Abstract Interpretation10.1007/978-3-030-11245-5_15(318-341)Online publication date: 11-Jan-2019
https://doi.org/10.1007/978-3-030-11245-5_15
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents