Presentation is loading. Please wait.

Presentation is loading. Please wait.

Program Verification Using

Published byChastity Thompson Modified over 6 years ago

Similar presentations

Presentation on theme: "Program Verification Using"— Presentation transcript:

1 Program Verification Using
Aseem Rastogi Microsoft Research Winter School in Software Engineering 2017

2 One Request Please Ask Questions!!

3 Software is Everywhere

4 Cost of Software Bugs is High

5 Cost of Software Bugs is High
We need more reliable and secure software

6 Assuring Software Quality Today Software Testing

7 Program Verification Correct-by-construction Software
Use a program verifier, proof assistant, theorem prover for dev. Formally prove properties of the program during development (spec: sort returns a sorted list) let sort l = …

8 Development Process Program Specs
Extract code to a language such as OCaml or C Compile to executable Program Formally prove that the program meets the specifications (F*/Dafny/Coq) Specs Also within the tool Prove absence of bugs rather than that the program runs successfully on certain inputs

9 Success Stories of Program Verification
The CompCert C compiler Formally verified C compiler written in Coq Operating system kernels Verve (Boogie), seL4 (Isabelle), CertiKOS (Coq) Software stack IronClad (Dafny) (Mathematical proofs such as the proof of the 4-color theorem)

10 Congrats, But Does It Help?
Finding and Understanding Bugs in C Compilers Yang et al. PLDI’11 Wrong-code errors in GCC: 79, LLVM: 202, CompCert: … IronClad Apps: End-to-End Security via Automated Full-System Verification Hawblitzel et al. Usenix Security’14 “Almost all the code ran correctly the first time we tried!”**

11 Very Cool! Tell Me More! This Tutorial
25-75 split between theory and practice Theory: Hoare logic, weakest preconditions Practice: Prove correctness of mergesort in F* It is very important that you have a working F* installation (including the emacs plugin) If not, shout now! Program Formally prove that the program meets the specifications Specs

12 What is F* http://www.fstar-lang.org
A framework for verifying functional programs Effectful functional programs (we will cover very little of the effectful parts though) Advanced type system Specifications are written in the types Semi-automated Uses an SMT solver at the backend to discharge proof obligation Extracts to OCaml†

13 F* Team Microsoft Research, INRIA Paris, MIT, Univ. of Edinburgh, …
(A non-exhaustive list of people) Danel Ahman Benjamin Beurdouche Karthikeyan Bhargavan Antoine Delignat-Lavaud Victor Dumitrescu Cédric Fournet Cătălin Hriţcu Markulf Kohlweiss Qunyan Magnus Kenji Maillard Asher Manning Guido Martínez Zoe Paraskevopoulou Clément Pit-Claudel Jonathan Protzenko Tahina Ramananandro Aseem Rastogi Nikhil Swamy Christoph M. Wintersteiger Santiago Zanella-Béguelin

14 A First Taste Factorial program
let rec factorial n = if n = 0 then 1 else n * factorial (n – 1) What have we verified: -- The function has no side effects -- The function always terminates -- The function always returns a natural number val factorial: nat -> nat $ fstar.exe Test.fst Verified module: Test (546 milliseconds) All verification conditions discharged successfully

15 Behind the Scenes F* builds a Verification Condition for the program
And passes the VC to Z3 to check for validity If Z3 succeeds, then the program meets the spec Guaranteed by the proven (not mechanized) metatheory of F*

16 Applications of F* The F* compiler is written in F*!
Everest Project ( Aims to build and deploy a verified HTTPS stack Ongoing effort Verified Cryptographic Libraries Shipping as part of Firefox 57 Wys*: Verified DSL for Secure Multi-party Computation As a proof assistant: for several calculi, including a fragment of F*

Download ppt "Program Verification Using"

Similar presentations

Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Static Contract Checking for Haskell Dana N. Xu University of Cambridge Ph.D. Supervisor: Simon Peyton Jones Microsoft Research Cambridge.

Static Contract Checking for Haskell Dana N. Xu University of Cambridge Ph.D. Supervisor: Simon Peyton Jones Microsoft Research Cambridge.
Acceptance Testing.

Acceptance Testing.
Catching Bugs in Software Rajeev Alur Systems Design Research Lab University of Pennsylvania www.cis.upenn.edu/~alur/

Catching Bugs in Software Rajeev Alur Systems Design Research Lab University of Pennsylvania
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.

Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Working with Discourse Representation Theory Patrick Blackburn & Johan Bos Lecture 3 DRT and Inference.

Working with Discourse Representation Theory Patrick Blackburn & Johan Bos Lecture 3 DRT and Inference.
Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.

Software Engineering & Automated Deduction Willem Visser Stellenbosch University With Nikolaj Bjorner (Microsoft Research, Redmond) Natarajan Shankar (SRI.
1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.

1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
Automated and Modular Refinement Reasoning for Concurrent Programs Collaborators: Chris Hawblitzel (Microsoft) Erez Petrank (Technion) Serdar Tasiran (Koc.

Automated and Modular Refinement Reasoning for Concurrent Programs Collaborators: Chris Hawblitzel (Microsoft) Erez Petrank (Technion) Serdar Tasiran (Koc.
Functional Design and Programming Lecture 11: Functional reasoning.

Functional Design and Programming Lecture 11: Functional reasoning.
Technology from seed Weakest Precondition Synthesis for Compiler Optimizations Nuno Lopes and José Monteiro.

Technology from seed Weakest Precondition Synthesis for Compiler Optimizations Nuno Lopes and José Monteiro.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Nuno Lopes Advisor: José Monteiro.

Technology from seed Automatic Synthesis of Weakest Preconditions for Compiler Optimizations Nuno Lopes Advisor: José Monteiro.
VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)

VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)
The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI 297 5.31.2005.

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

Similar presentations

Ads by Google