Zhaopeng Li,Zhong Zhuang,Yiyun Chen,Simin Yang,Zhenting Zhang,Dawei Fan

DOI: https://doi.org/10.1109/tase.2010.8

2010-01-01

Abstract:Proof-carrying code (PCC) is a technique that allows code consumers to check whether the code is safe to execute or not through a formal safety proof provided by the code producer. And a certifying compiler makes PCC practical by compiling annotated source code into low-level code and proofs. In this paper we present a certifying compiler for a subset of the C programming language, named Clike, with built-in automated theorem provers. Clike programs can be compiled by ANSI C compiler without any modification. Our compiler is intended to deal with data structures such as singly-linked lists, doubly-linked lists and trees. At the source level, we have designed a program logic combining a constrained first-order logic and a fragment of separation logic. We use a verification-condition-based method, and the generated verification conditions are sent to the built-in automated theorem prover. Our prover will generate proof terms when the input formula is valid. The low-level verification framework follows Hoare-style verification methods. The assembly code, its specification and proofs are generated automatically based on a variant of Stack-based Certifying Assembly Programming (SCAP). We implement our certifying compiler prototype in SML/NJ and build our prover libraries using the meta logic provided by Coq. We have used our prototype to successfully certify a considerable number of programs manipulating linked-lists and binary trees.

Jingyuan Cao,Ming Fu,Xinyu Feng

DOI: https://doi.org/10.1145/2676724.2693162

2015-01-01

Abstract:Proof automation is essential for large scale proof development such as OS kernel verification. An effective approach is to develop tactics and SMT solvers to automatically prove verification conditions. However, for complex systems, it is almost impossible to achieve fully automated verification and human interactions are unavoidable. So the key challenge here is, on the one hand, to reduce manual proofs as much as possible, and on the other hand, to provide user-friendly error messages when the automated verification fails, so that users could adjust specifications or the code accordingly, or to do part of the proofs manually.In this paper we propose a set of practical tactics for verifying C programs in Coq, including both tactics for automatically proving separation logic assertions and ones for automatic verification condition generation. In particular, we develop special tactics for verifying programs manipulating singly-linked lists. Using our tactics we are able to verify several C programs with one-line proof script. Another key feature of our tactics is that, if the tactics fail, they allow users to easily locate problems causing the failure by looking into the remaining subgoals, which greatly improves the usability when human interaction is necessary.

Yu Tan,Dianfu Ma,Lei Qiao

DOI: https://doi.org/10.1155/2021/8352267

2021-01-01

Wireless Communications and Mobile Computing

Abstract:With the rapid increase in the number of wireless terminals and the openness of wireless networks, the security of wireless communication is facing serious challenges. The safety and security of computer communication have always been a research hotspot, especially the wireless communication that still has a more complex architecture which leads to more safety problems in the communication system development. In recent years, more and more wireless communication systems are applied in the safety-critical field which tends to need high safety guarantees. A compiler is an important tool for system development, and its safety and reliability have an important impact on the development of safety-critical software. As the strictest method, formal verification methods have been widely paid attention to in compiler verification, but the current formal verification methods have some problems, such as high proof complexity, weak verification ability, and low algorithm efficiency. In this paper, a compiler formal verification method based on safety C subsets is proposed. By abstracting the concept of C grammar units from safety C subsets, the formal verification of the compiler is transformed into the verification of limited C grammar units. In this paper, an axiom system of first-order logic and special axioms are introduced. On this axiom system, the semantic consistency verification of C grammar unit and target code pattern is completed by means of theorem proving, and the formal verification of the compiler is completed.

Guo Li,Chen Yiyun,Li Long,Li Zhaopeng

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.21.019

2006-01-01

Abstract:As the high-trusted software plays more and more important role in today's information society,the requirement of sound programs greatly increases.To improve software soundness and security,it is a feasible approach for developers to strictly specify and prove programs safety properties based on formal proof tool.This paper describes the process and experience of building such security programs using proof assistant Coq.

Guangshuai Mo,Yan Xiong,Wenchao Huang,Lu Ma

DOI: https://doi.org/10.1109/BigCom51056.2020.00016

2020-01-01

Abstract:Proof assistants offer a formal language to write mathematical definitions, executable algorithms, and theorems together with an environment for interactive development of machine-checked proofs. Developers manually construct definitions and lemmas on proof assistants to prove the theorems. However, the time and labor costs of manually proving theorems in proof assistants remain prohibitively high. Therefore, proving the theorem automatically for the sizeable formal project becomes significant. In this paper, we propose SmartCoq, a proof search system that uses a dynamic strategy to solve the problem of automating the interaction with proof assistants. The design of our dynamic strategy is flexible and straightforward: it can automatically optimize itself based on theorems without manual intervention. SmartCoq uses dynamic strategies to learn from the wrong paths in the past and find a correct path to complete the proof. We demonstrate SmartCoq on the proof obligations from a large practical proof project, the CompCert verified C compiler, and the result shows that it can automatically solve 14.5% of proofs in our test dataset.

Bernd Finkbeiner,Geguang Pu,Lijun Zhang

DOI: https://doi.org/10.1007/978-3-319-24953-7

2015-01-01

Abstract:Computer hardware and software can be modeled precisely in mathematical logic. If expressed appropriately, these models can be executable, i.e., run on concrete data. This allows them to be used as simulation engines or rapid prototypes. But because they are formal they can be manipulated by symbolic means: theorems can be proved about them, directly, with mechanical theorem provers. But how practical is this vision of machines reasoning about machines? In this highly personal talk, I will describe the 45 year history of the “Boyer-Moore theorem prover,” starting with its use in Edinburgh, Scotland, to prove simple list processing theorems by mathematical induction (e.g., the reverse of the reverse of x is x) to its routine commercial use in the microprocessor industry (e.g., the floating point operations of the Via Nano 64-bit X86 microprocessor are compliant with the IEEE standard). Along the way we will see applications in program verification, models of instruction set architectures including the JVM, and security and information flow. I then list some reasons this project has been successful. The paper also serves as an annotated bibliography of the key stepping stones in the applications of the prover.

Yiyun Chen,Lin Ge,Baojian Hua,Zhaopeng Li,Cheng Liu

DOI: https://doi.org/10.1109/TASE.2007.19

2007-01-01

Abstract:Symmetry reduction is a technique that can help alleviate the problem of state space explosion in model checking. The idea is to verify only a subset of states from each class (orbit) of symmetric states. This paper presents a framework for symmetry ...

Qiyuan Xu,David Sanan,Zhe Hou,Xiaokun Luan,Conrad Watt,Yang Liu

2024-11-09

Abstract:Foundational verification considers the functional correctness of programming languages with formalized semantics and uses proof assistants (e.g., Coq, Isabelle) to certify proofs. The need for verifying complex programs compels it to involve expressive Separation Logics (SLs) that exceed the scopes of well-studied automated proof theories, e.g., symbolic heap. Consequently, automation of SL in foundational verification relies heavily on ad-hoc heuristics that lack a systematic meta-theory and face scalability issues. To mitigate the gap, we propose a theory to specify SL predicates using abstract algebras including functors, homomorphisms, and modules over rings. Based on this theory, we develop a generic SL automation algorithm to reason about any data structures that can be characterized by these algebras. In addition, we also present algorithms for automatically instantiating the algebraic models to real data structures. The instantiation reuses the algebraic models of component structures and preserves their data abstractions. Case studies on formalized imperative semantics show our algorithm can instantiate the algebraic models automatically for a variety of complex data structures. Experimental results indicate the automatically instantiated reasoners from our generic theory show similar results to the state-of-the-art systems made of specifically crafted reasoning rules. The presented theories, proofs, and the verification framework are formalized in Isabelle/HOL.

Programming Languages,Logic in Computer Science

Bing Li,Li Liu,Lian Li

DOI: https://doi.org/10.1109/ihmsc.2011.121

2011-01-01

Abstract:Automatic assessment of proving problems is very important is mathematic e-learning systems. It accepts the answer of a proving problem, which can be written in a controlled natural language, and then translates it into a formal proof, e.g. in Isabelle/Isar. The correctness of the original answer is equivalent to that of the formal one obtained from the translation, which can be verified in a theorem prover automatically. In this paper, we describe a method which can be used to verify such formal proofs in theorem proving systems.

Lu Yang,Chaochen Zhou,Naijun Zhan,Bican Xia

DOI: https://doi.org/10.1007/s11704-009-0074-7

2010-01-01

Frontiers of Computer Science in China

Abstract:In this paper, we summarize the results on program verification through semi-algebraic systems (SASs) solving that we have obtained, including automatic discovery of invariants and ranking functions, symbolic decision procedure for the termination of a class of linear loops, termination analysis of nonlinear systems, and so on.

LIU Cheng,CHEN Yi-yun,GE Lin,HUA Bao-jian

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.21.031

2007-01-01

Abstract:Certifying compiler is such a tool coming up with the increasing demands for higher reliability and safety of computer software.It combines the techniques in programming languages and program verifications.This paper describes some details in implementing our prototype of a certifying compiler.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Chuanhu Cheng,Yan Xiong,Wenchao Huang,Lu Ma

DOI: https://doi.org/10.1109/BigCom51056.2020.00018

2020-01-01

Abstract:Formal verification is a trustable method to produce correct, safe, and fast code. However, the cost of formal verification remains prohibitively high for most projects, as it requires significant manual effort by highly trained experts. In this paper, we propose a novel approach to proof automation in Coq that generates proof script based on context-awareness. We develop AutoMagic, an automatic theorem proving framework, which can use the generated proof script to achieve a fully automatic proof of the theorem. Our method is simple but pushes the limits of automatic proof. The performance of AutoMagic is evaluated in the Coq standard library. We show that 37.87% of the theorems can be proved in a push-button mode, and can be used to prove new theorems not previously provable by automated methods.

Lennart Beringer,Gordon Stewart,Robert Dockins,Andrew W. Appel

DOI: https://doi.org/10.1007/978-3-642-54833-8_7

2014-01-01

Abstract:We present a new architecture for specifying and proving optimizing compilers in the presence of shared-memory interactions such as buffer-based system calls, shared-memory concurrency, and separate compilation. The architecture, which is implemented in the context of CompCert, includes a novel interaction-oriented model for C-like languages, and a new proof technique, called logical simulation relations, for compositionally proving compiler correctness with respect to this interaction model. We apply our techniques to CompCert’s primary memory-reorganizing compilation phase, Cminorgen. Our results are formalized in Coq, building on the recently released CompCert 2.0.

Eyad Alkassar,Sascha Böhme,Kurt Mehlhorn,Christine Rizkallah

DOI: https://doi.org/10.48550/arXiv.1301.7462

2013-01-31

Abstract:Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current automatic verification tools and usually involves intricate mathematical theorems. Certifying algorithms compute in addition to each output a witness certifying that the output is correct. A checker for such a witness is usually much simpler than the original algorithm - yet it is all the user has to trust. The verification of checkers is feasible with current tools and leads to computations that can be completely trusted. We describe a framework to seamlessly verify certifying computations. We use the automatic verifier VCC for establishing the correctness of the checker and the interactive theorem prover Isabelle/HOL for high-level mathematical properties of algorithms. We demonstrate the effectiveness of our approach by presenting the verification of typical examples of the industrial-level and widespread algorithmic library LEDA.

Logic in Computer Science,Data Structures and Algorithms,Formal Languages and Automata Theory

Chenyuan Yang,Xuheng Li,Md Rakib Hossain Misu,Jianan Yao,Weidong Cui,Yeyun Gong,Chris Hawblitzel,Shuvendu Lahiri,Jacob R. Lorch,Shuai Lu,Fan Yang,Ziqiao Zhou,Shan Lu

2024-09-20

Abstract:Generative AI has shown its values for many software engineering tasks. Still in its infancy, large language model (LLM)-based proof generation lags behind LLM-based code generation. In this paper, we present AutoVerus. AutoVerus uses LLM to automatically generate correctness proof for Rust code. AutoVerus is designed to match the unique features of Verus, a verification tool that can prove the correctness of Rust code using proofs and specifications also written in Rust. AutoVerus consists of a network of LLM agents that are crafted and orchestrated to mimic human experts' three phases of proof construction: preliminary proof generation, proof refinement guided by generic tips, and proof debugging guided by verification errors. To thoroughly evaluate AutoVerus and help foster future research in this direction, we have built a benchmark suite of 150 non-trivial proof tasks, based on existing code-generation benchmarks and verification benchmarks. Our evaluation shows that AutoVerus can automatically generate correct proof for more than 90% of them, with more than half of them tackled in less than 30 seconds or 3 LLM calls.

Software Engineering,Artificial Intelligence,Formal Languages and Automata Theory

Heng-Ruo ZHANG,Ming FU

DOI: https://doi.org/10.13328/j.cnki.jos.005196

2017-01-01

Abstract:Formal verification is an effective approach to construct high confidence software.Verifying the functional correctness of complex system software by manually writing proof scripts in proof assistant tools is feasible with the low degree of automation,and the verification cost is relatively high.The automatic program verifiers verify programs by taking the annotated source code as their input to generate verification conditions automatically solved by SMT solvers.This approach has a high degree of automation,but it is impossible to verify the functional correctness of the entire system software.By combining the advantage of the above two methods,this paper implements a novel Coq tactic plug-in named "smt4coq",which allows calling the Z3 SMT solver in Coq to automatically prove mathematical propositions involved with 32-bit machine integers.The new tactic improves the degree of automation and reduces the cost of manual verification.

葛琳,陈意云,华保健,李兆鹏,刘诚

2008-01-01

Abstract:The formal specifications in assembly code certification are usually complicated.Some specifications can be automatically generated,but usually lack for expressiveness.Others are too complex to be generated automatically.Such specifications are usually written by programmers and they are a big burden on programmers.This paper presents a method for generating formal specifications automatically.It uses a certifying compiler to generate formal specifications for assembly code,so that programmers are freed from writing specifications for assembly code.The generated specifications are more expressive than those generated automatically by other existent methods.This paper mainly describes the implementation of this method in a certifying compiler.

Ludovic Font,Sébastien Cyr,Philippe R. Richard,Michel Gagnon

DOI: https://doi.org/10.4204/EPTCS.313.1

2020-02-28

Abstract:When working on intelligent tutor systems designed for mathematics education and its specificities, an interesting objective is to provide relevant help to the students by anticipating their next steps. This can only be done by knowing, beforehand, the possible ways to solve a problem. Hence the need for an automated theorem prover that provide proofs as they would be written by a student. To achieve this objective, logic programming is a natural tool due to the similarity of its reasoning with a mathematical proof by inference. In this paper, we present the core ideas we used to implement such a prover, from its encoding in Prolog to the generation of the complete set of proofs. However, when dealing with educational aspects, there are many challenges to overcome. We also present the main issues we encountered, as well as the chosen solutions.

Artificial Intelligence,Human-Computer Interaction,Logic in Computer Science

Shang-Ching Chou,Xiao-Shan Gao,Jing-Zhong Zhang

1996-01-01

Journal of Automated Reasoning

Abstract:We present a set of rules based on full-angles as the basis of automated geometry theorem proving. We extend the idea of eliminating variables and points to the idea of eliminating lines. We also discuss how to combine the forward chaining and backward chaining to achieve higher e-ciency. The prover based on the full-angle method has been used to produce short and elegant proofs for more than one hundred di-cult geometry theorems. The proofs of many of those theorems produced by our previous area method are relatively long.