Static analysis of functional programs with an application to the frame problem in deductive verification Oana Fabiana Andreescu To cite this version: Oana Fabiana Andreescu. Static analysis of functional programs with an application to the frame problem in deductive verification. Other [cs.OH]. Université Rennes 1, 2017. English. NNT: 2017REN1S047. tel-01677897v2 HAL Id: tel-01677897 https://tel.archives-ouvertes.fr/tel-01677897v2 Submitted on 12 Jan 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE / UNIVERSITÉ DE RENNES 1 sous le sceau de l’Université Bretagne Loire pour le grade de DOCTEUR DE L’UNIVERSITÉ DE RENNES 1 Mention : Informatique Ecole doctorale Matisse présentée par Oana Fabiana Andreescu préparée à Prove & Run et á l’unité de recherche 6074 – IRISA Institut de Recherche en Informatique et Systemes Aleatoires Thèse soutenue à Rennes le 29 Mai 2017 devant le jury composé de : Sandrine Blazy Static Analysis of Professeure / Présidente Functional Programs Catherine Dubois Professeure / Rapporteuse with an Application to Antoine Miné the Frame Problem in Professeur / Rapporteur Deductive Verification Sylvain Conchon Professeur / Examinateur Thomas Jensen Professeur / Directeur de thèse Stéphane Lescuyer Ingénieur / Co-directeur de thèse ii iii UNIVERSITÉ DE RENNES 1 Abstract Prove & Run École doctorale Matisse DOCTEUR DE L’UNIVERSITÉ DE RENNES 1 Static Analysis of Functional Programs with an Application to the Frame Problem in Deductive Verification by Oana Fabiana Andreescu In the field of software verification, the frame problem refers to establishing the bound- aries within which program elements operate. It has notoriously tedious consequences on the specification of frame properties, which indicate the parts of the program state that an operation is allowed to modify, as well as on their verification, i.e. proving that operations modify only what is specified by their frame properties. In the context of interactive formal verification of complex systems, such as operating systems, much effort is spent addressing these consequences and proving the preservation of the sys- tems’ invariants. However, most operations have a localized effect on the system and impact only a limited number of invariants at the same time. In this thesis we address the issue of identifying those invariants that are unaffected by an operation and we present a solution for automatically inferring their preservation. Our solution is meant to ease the proof burden for the programmer. It is based on static analysis and does not require any additional frame annotations. Our strategy consists in combining a dependency analysis and a correlation analysis. We have designed and implemented both static analyses for a strongly-typed, functional language that handles structures, variants and arrays. The dependency analysis computes a conservative approximation of the input fragments on which functional properties and operations depend. The correlation analysis computes a safe approximation of the parts of an input state to a function that are copied to the output state. It summarizes not only what is modified but also how it is modified and to what extent. By employing these two static analyses and by subsequently reasoning based on their combined results, an interactive theo- rem prover can automate the discharching of proof obligations for unmodified parts of the state. We have applied both of our static analyses to a functional specification of a micro-kernel and the obtained results demonstrate both their precision and their scalability. v Acknowledgements First of all, I would like to express my gratitude to my two PhD advisors, Thomas Jensen and Stéphane Lescuyer, without whom this thesis would have been impossible. I thank them for their patience and dedication in guiding me throughout these years and for all the rigour that they instilled into me, by word and by their own example. Thomas, thank you for helping me put my work into perspective. Thank you for your encouragement when I was overwhelmed by doubts and for your optimism when I had none. Stéphane, thank you for your inspiring advices, for the rigorous proofreading, for the many interesting discussions and for your careful attention to my work. Know that this thank you note was written using Emacs to which I am happy to admit that you converted me. I am in debt to Dominique Bolignano for raising the possibility of this thesis and for creating the frame that allowed me to embark on this interesting journey and to explore the seas of research among an inspiring group of professionals - the Prove & Run team. I am grateful to and would like to wholeheartedly thank Catherine Dubois and Antoine Miné for accepting to review my dissertation. I am honoured to know that my 200+ pages have been read by experts of static analysis and formal verification and I am grateful for their valuable comments and remarks. I would also like to thank Sandrine Blazy and Sylvain Conchon for accepting to be members of the jury. Sylvain Conchon, I am grateful for your keen interest during my defense. Sandrine Blazy, thank you for accepting to chair my defense and for driving it in such a positive manner! For their understanding, their advice and their support during the transition period and the months before my defense, I would like to thank Claire Loiseaux and Carolina Lavatelli. I thank all of my colleagues at Prove & Run for our discussions and their advice during these years. I thank Florence for her warmth, energy and optimism, Erica and Henry for being such great office colleagues, Pauline and François for being friendly, reliable colleagues in the academic trenches. I am in debt to Olivier and Benoit for reviewing my articles and providing valuable remarks. I thank Pascale for smoothing out the stormy waves of administrative work. Though our interactions were briefer, I would like to also thank the Celtique members for their openness and for the inter- esting seminaries. A special thanks goes to Lydie Mabil for helping me deal with the administrative work during these years, and finally, for helping prepare the defense of my dissertation. This academic journey started long ago, even before I was aware, with the help of Marius Minea and Ovidiu Badescu, who unknowingly, motivated me to take this path years later. I warmly thank them and I am grateful to both for paving the first part of my academic path. I would also like to thank my friends, old and new, far and near. Thank you for always being there for me and providing perspective, enthusiasm and breaths of fresh air. Thank you as well for still being my friends despite the long, winded and geeky vi descriptions of my work and the occasionally cancelled plans and absences while I was trying to find my way into the research world. I lack the appropriate words to express the gratitude I feel towards my family for their never-ending love and support. I thank my mother and my sister for being such wonderful examples of women in science. I thank my father for his unwavering belief in me and for his love and respect for well-written sentences, no matter the context, which he instilled into me. I thank my brother-in-law for being the one who ignited early on the sparkle and interest for computers and mathematics, and my two wonderful nieces for always being my rays of light. Last but surely not least, I have only gratitude for Georges, my companion, my pillar of strength, my compass and lighthouse during the darkest moments. To quote Carl Sagan, in the vastness of space and immensity of time, it is my absolute joy to spend a planet and an epoch with you! vii Contents I Résumé étendu en Français xxiii I.1 Le Problème du Frame . xxiii I.2 Objectifs....................................xxiii I.3 Analyse de dépendance . xxiv I.4 Anaylse de corrélation ............................xxv I.5 Procédure de décision ............................xxv I.6 Conclusion . xxvi 1 Introduction 1 1.1 Formal Verification of Software ....................... 1 1.2 The Frame Problem in a Nutshell ...................... 5 1.3 Prove & Run: Objectives and Products ................... 7 1.4 Context and Problem Statement ...................... 9 1.5 Contributions and Structure of the Document . 11 2 The Frame Problem in Software Verification 13 2.1 Specification Languages and Verification Tools . 13 2.2 Manifestations of the Frame Problem .................... 16 2.3 Approaches to Specifying Frame Properties . 17 2.3.1 The Manual Approach ........................ 17 2.3.2 The Exclusive Approach ....................... 19 2.3.3 The Implicit Approach ........................ 21 2.4 Topologies and Effects ............................ 21 2.4.1 Explicit Footprints .......................... 23 2.4.2 Implicit Footprints .......................... 24 2.4.3 Predefined Footprints ........................ 25 2.5 Other Approaches to Reason about Frames . 26 2.6 Other Relevant Work ............................. 27 3 The Smart Language and ProvenTools 29 3.1 The Smart Modeling Language ....................... 29 3.1.1 Smart Predicates