Slide 1

K. Rustan M. Leino
Microsoft Research, Redmond, WA
10 Oct 2007, IFIP WG 2.3 meeting, Santa Fe, NM
Slide 2: Static program verifier (Boogie)

Front ends, all producing BoogiePL:
Spec# → Spec# compiler → MSIL → BoogiePL
C → HAVOC → BoogiePL
C → VerifiedC C translator → BoogiePL

Boogie pipeline:
BoogiePL → inference engine → V.C. generator → verification condition → SMT solver (Z3) → "correct" or list of errors
Slide 3: Encoding the heap as a map

Field read:   a := o.f   ⇒  a := Heap[o,f]    ⇒  a := select(Heap, o, f)
Field write:  o.f := a   ⇒  Heap[o,f] := a    ⇒  Heap := Heap[o,f := a]  ⇒  Heap := store(Heap, o, f, a)
Slide 4: Encoding a record as a map

Read:   a := r.f   ⇒  a := r[f]    ⇒  a := select(r, f)
Write:  r.f := a   ⇒  r[f] := a    ⇒  r := r[f := a]  ⇒  r := store(r, f, a)
Slide 5: The select/store axioms

(∀ r, f, g, a • f = g ⇒ select(store(r, f, a), g) = a)
(∀ r, f, g, a • f ≠ g ⇒ select(store(r, f, a), g) = select(r, g))
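The heap and record encodings of slides 3 and 4 and the two axioms of slide 5, as an added example that is not part of the talk or of Boogie itself: an immutable select/store map in Python, a translator that turns a straight-line sequence of field reads and writes into heap-passing select/store terms, and an exhaustive check of both axioms over a small finite domain. The names (Map, select, store, translate, check_select_store_axioms) and the sample heap and program are this example's own.

```python
from itertools import product


class Map:
    """Immutable finite map: store() returns a new Map, so an old heap
    stays observable after a write. select() of a key that was never
    stored returns None, standing in for an arbitrary but fixed value."""

    def __init__(self, entries=None):
        self._entries = dict(entries or {})

    def select(self, key):
        return self._entries.get(key)

    def store(self, key, value):
        new = dict(self._entries)
        new[key] = value
        return Map(new)

    def __eq__(self, other):
        return isinstance(other, Map) and self._entries == other._entries

    def __repr__(self):
        return f"Map({self._entries})"


def select(m, *key):
    """select(Heap, o, f) (slide 3) or select(r, f) (slide 4)."""
    return m.select(tuple(key) if len(key) > 1 else key[0])


def store(m, *key_and_value):
    """store(Heap, o, f, a) or store(r, f, a): last argument is the value."""
    *key, value = key_and_value
    return m.store(tuple(key) if len(key) > 1 else key[0], value)


def check_select_store_axioms(keys, values):
    """Exhaustively check the two axioms of slide 5 over finite domains:
         f = g  ==> select(store(r, f, a), g) = a
         f != g ==> select(store(r, f, a), g) = select(r, g)
    The empty map and every total map from `keys` to `values` is tried as r."""
    maps = [Map()]
    for assignment in product(values, repeat=len(keys)):
        maps.append(Map(dict(zip(keys, assignment))))
    for r, f, g, a in product(maps, keys, keys, values):
        expected = a if f == g else select(r, g)
        if select(store(r, f, a), g) != expected:
            return False
    return True


def translate(stmts, heap):
    """Translate ("read", dst, obj, fld) and ("write", obj, fld, src)
    statements into heap-passing form. Returns the final heap, the local
    variable environment, and the textual select/store terms, so the
    rightmost column of slide 3 can be read off for each statement."""
    env = {}
    heap_term = "Heap"
    terms = []
    for stmt in stmts:
        if stmt[0] == "read":
            _, dst, o, f = stmt
            env[dst] = select(heap, o, f)
            terms.append(f"{dst} := select({heap_term}, {o}, {f})")
        elif stmt[0] == "write":
            _, o, f, src = stmt
            heap = store(heap, o, f, env[src])
            heap_term = f"store({heap_term}, {o}, {f}, {src})"
            terms.append(f"Heap := {heap_term}")
        else:
            raise ValueError(f"unknown statement {stmt!r}")
    return heap, env, terms


# Constructed sample: two objects o and p, and the source program
#   a := o.x;  p.x := a;  b := p.x;  c := o.y
SAMPLE_HEAP = Map({("o", "x"): 7, ("o", "y"): True, ("p", "x"): 0})
SAMPLE_PROGRAM = [
    ("read", "a", "o", "x"),
    ("write", "p", "x", "a"),
    ("read", "b", "p", "x"),
    ("read", "c", "o", "y"),
]

if __name__ == "__main__":
    final_heap, env, terms = translate(SAMPLE_PROGRAM, SAMPLE_HEAP)
    print("\n".join(terms))
    print(env, final_heap)
    print(check_select_store_axioms(["f", "g"], [0, 1]))
```

Because store never mutates its argument, SAMPLE_HEAP after the run still reads p.x as 0 while the final heap reads 7: that is exactly the old(Heap) versus Heap distinction that later slides rely on in postconditions.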
Slide 6: Why types?

Types find errors in the translation.
Some types are required by some provers (e.g., SMT-LIB).
Slide 7: Typing the heap

Heap: ref × Field → Value
HeapBool: ref × Field → bool
HeapInt: ref × Field → int
…
Heap: ∀α. ref × Field α → α
Slide 8: Typed select and store

type Record;
type Field α;
function select: ∀α. Record × Field α → α
function store: ∀α. Record × Field α × α → Record
Slide 9: The same, abbreviated

type R;
type F α;
function select: ∀α. R × F α → α
function store: ∀α. R × F α × α → R
Slide 10: Typed select/store axioms

(∀ α: type • (∀ r: R, f: F α, g: F α, a: α • f = g ⇒ select(store(r, f, a), g) = a))
(∀ α: type, β: type • (∀ r: R, f: F α, g: F β, a: α • f ≠ g ⇒ select(store(r, f, a), g) = select(r, g)))

Type error: in the second axiom, f ≠ g compares an F α with an F β.
Slide 11: Splitting the second axiom by type

(∀ α: type • (∀ r: R, f: F α, g: F α, a: α • f = g ⇒ select(store(r, f, a), g) = a))
(∀ α: type • (∀ r: R, f: F α, g: F α, a: α • f ≠ g ⇒ select(store(r, f, a), g) = select(r, g)))
(∀ α: type, β: type | α ≠ β • (∀ r: R, f: F α, g: F β, a: α • select(store(r, f, a), g) = select(r, g)))
Slide 12: The two-axiom form again

(∀ α: type • (∀ r: R, f: F α, g: F α, a: α • f = g ⇒ select(store(r, f, a), g) = a))
(∀ α: type, β: type • (∀ r: R, f: F α, g: F β, a: α • f ≠ g ⇒ select(store(r, f, a), g) = select(r, g)))
Slide 13: Translating a modifies clause

Spec#:
  class C {
    int x;
    bool y;
    void M()
      modifies this.x, this.y;
    { … }
  }

BoogiePL:
  const x: Field int;
  const y: Field bool;
  procedure M(this: ref);
    modifies Heap;
    ensures (∀ α: type • (∀ o: ref, f: Field α •
              Heap[o,f] = old(Heap)[o,f] ∨ (o = this ∧ f = x) ∨ (o = this ∧ f = y) ∨ …));

Note that f = x compares a Field α with a Field int: the same question of how to type equality as on slide 10.
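The frame condition that the ensures clause above expresses, evaluated on concrete heaps, as an added example that is not part of the talk or of Boogie: a heap is a dict keyed by (object, field), field constants carry their declared type so that the comparison f = x between a Field α and a Field int becomes an ordinary tuple comparison, and a method body that writes outside its modifies clause is reported. All names (Field, frame_violations, m_body_ok, m_body_leaky, verify, MODIFIES_M, SAMPLE_HEAP) and the two sample bodies are this example's own; the slide's trailing "…" disjuncts are not modelled.

```python
from typing import NamedTuple


class Field(NamedTuple):
    """A field constant `const x: Field alpha`; `typ` records alpha."""
    name: str
    typ: str


# The two field constants of class C on the slide.
X = Field("x", "int")
Y = Field("y", "bool")

# `modifies this.x, this.y` as a set of (object, field) locations;
# "this" is bound to the receiver when the check runs.
MODIFIES_M = {("this", X), ("this", Y)}


def frame_violations(old_heap, new_heap, this, modifies):
    """Evaluate the ensures clause
         forall o, f :: Heap[o,f] = old(Heap)[o,f]
                        or (o = this and f = x) or (o = this and f = y)
    over every location present in either heap, returning the locations
    that changed without being licensed by `modifies`. A location absent
    from a heap reads as None, so a field that appears or disappears
    between the two heaps counts as a change."""
    licensed = {(this if o == "this" else o, f) for o, f in modifies}
    locations = set(old_heap) | set(new_heap)
    return sorted(
        (o, f.name)
        for o, f in locations
        if old_heap.get((o, f)) != new_heap.get((o, f)) and (o, f) not in licensed
    )


def m_body_ok(heap, this):
    """A body for M that respects its modifies clause (constructed)."""
    new = dict(heap)
    new[(this, X)] = heap.get((this, X), 0) + 1
    new[(this, Y)] = not heap.get((this, Y), False)
    return new


def m_body_leaky(heap, this):
    """A body for M that also writes c2.x, outside the clause (constructed)."""
    new = m_body_ok(heap, this)
    new[("c2", X)] = 0
    return new


def verify(body, heap, this, modifies):
    """Run `body` on `heap` (which it must not mutate, so `heap` plays the
    role of old(Heap)) and report the frame violations of the result."""
    return frame_violations(heap, body(heap, this), this, modifies)


# Constructed sample heap holding two C objects, c1 and c2.
SAMPLE_HEAP = {("c1", X): 41, ("c1", Y): False, ("c2", X): 5, ("c2", Y): True}

if __name__ == "__main__":
    print(verify(m_body_ok, SAMPLE_HEAP, "c1", MODIFIES_M))     # []
    print(verify(m_body_leaky, SAMPLE_HEAP, "c1", MODIFIES_M))  # [('c2', 'x')]
```

The check is only a runtime evaluation of the postcondition on one pair of heaps; the verifier proves it for every pre-state, which is where the typing of the quantified f and of the equality f = x actually has to be settled.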
Slide 14: The problem

How do we generate verification conditions targeting a theorem prover whose input is untyped formulas, or multi-sorted formulas, and which has no direct support for parametric polymorphism, type constraints, guarded types, …?
Slide 15: Open questions

What types to include in BoogiePL 2?
How to type equality?
How to translate into more primitive type systems? Perhaps let this drive the other issues?