sign in sign up
<<
Home , Lean (proof assistant)

Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Program Verification with

Benedikt Maderbacher IAIK – Graz University of Technology [email protected]

Name Place, Date Title 1 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

http://www.iaik.tugraz.at

Dafny 2 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Interactive Theorem Prover

▪ Checks if a program is correct ▪ with help of from the user

▪ User provides: ▪ annotations ▪ manual proofs for some properties

http://www.iaik.tugraz.at

Dafny 3 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Interactive Theorem Provers

▪ Dafny ▪ Hoare Logic

▪ Coq, Lean, Agda, F* ▪ Depended

▪ Isabelle/HOL, HOL Light ▪ Higher Order Logic

http://www.iaik.tugraz.at

Dafny 4 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Applications

▪ CompCert ▪ A verified compiler (Coq)

▪ seL4 ▪ A verified micro kernel (Isabelle/HOL)

▪ Project Everest ▪ A verified network stack (multiple)

http://www.iaik.tugraz.at

Dafny 5 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Demo: Dafny

http://www.iaik.tugraz.at

Dafny 6 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Total Correctness

▪ Proof that a program is correct and terminates.

▪ Show that a loop can’t run forever.

http://www.iaik.tugraz.at

Dafny 7 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Total Correctness

http://www.iaik.tugraz.at

Dafny 8 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

http://www.iaik.tugraz.at

Dafny 9 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Total Correctness

▪ Proof that a program is correct and terminates.

▪ Use a variant to show a loop can’t run forever.

▪ In Dafny this is annotated with decreases.

http://www.iaik.tugraz.at

Dafny 10 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Total Correctness

http://www.iaik.tugraz.at

Dafny 11 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Total Correctness

▪ Only works if E terminates!

▪ All functions calls must terminate. ▪ Can be done similar to while loops.

http://www.iaik.tugraz.at

Dafny 12 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Frame Rules

▪ Define what areas of the heap a method/function may access.

▪ reads ▪ What a function/predicate can read.

▪ modifies ▪ What a method can write

http://www.iaik.tugraz.at

Dafny 13 Institute for Applied Information Processing and Communications (IAIK) – Secure & Correct Systems

Frame Rules

▪ Local reasoning over mutable state.

▪ Make proofing larger programs feasible.

http://www.iaik.tugraz.at

Dafny 14