Zongyan Qiu,Hong Ali,Liu Yijing

DOI: https://doi.org/10.1007/978-3-642-34281-3_13

2012-01-01

Abstract:Interface types in OO languages support polymorphism, abstraction and information hiding by separating interfaces from their implementations. The separation enhances modularity of programs, however, it causes also challenges to the formal verification. Here we present a study on interface types, and develop a specification and verification theory based on our former veriJ framework. We support multi-specifications for classes inherited from interfaces and the superclass, and keep the verification modularly without re-touching the verified code. The concepts developed in veriJ, namely the abstract specification and specification predicate, play important roles in this extension, and thus are proved widely useful and very natural in the formal proofs of OO programs.

Yijing Liu,Ali Hong,Zongyan Qiu

DOI: https://doi.org/10.1109/tase.2011.28

2011-01-01

Abstract:Specification and verification for object oriented (OO) programs remains a great challenge despite of decades' efforts. To address the problem, we propose a novel specification and verification framework, which supports abstraction and offers modularity via a set of scope and inheritance rules, and a concept called\emph{specification predicate}. The framework covers the most important OO features like encapsulation, inheritance and polymorphism, while only one specification per method is necessary. It can successfully deal with inheritance, keep still modularity in verification, and avoid re-verification of the implementation. We show how the framework can be integrated into an OO language, and use examples to illustrate how the specification and verification can be carried out in our framework following the structures of OO programs in an abstract and modular way.

Li Zhou,Gilles Barthe,Pierre-Yves Strub,Junyi Liu,Mingsheng Ying

DOI: https://doi.org/10.1145/3571222

2023-01-01

Proceedings of the ACM on Programming Languages

Abstract:CoqQ is a framework for reasoning about quantum programs in the Coq proof assistant. Its main components are: a deeply embedded quantum programming language, in which classic quantum algorithms are easily expressed, and an expressive program logic for proving properties of programs. CoqQ is foundational: the program logic is formally proved sound with respect to a denotational semantics based on state-of-art mathematical libraries (MathComp and MathComp Analysis). CoqQ is also practical: assertions can use Dirac expressions, which eases concise specifications, and proofs can exploit local and parallel reasoning, which minimizes verification effort. We illustrate the applicability of CoqQ with many examples from the literature.

Jianjun Zhao,Cheng Zhang,Sibo Zhang,Jiaming Zhang

2006-01-01

Abstract:VeriJava is a novel programming system, which extends Java lan- guage, with just a few new language constructs, to support adding contracts to Java. VeriJava consists of an object-oriented programming language called Veri- Java, a compiler for compiling VeriJava programs to Java bytecode, and a static verifier for assuring that the VeriJava code is consistent with its specifications. This paper discusses the goal and the overall programming approach of VeriJava. The paper also gives examples of VeriJava programs. On one hand, VeriJava pro- vides a way with assertions (pre- and postconditions, and class invariants), to support runtime checking such as debugging and testing. On the other hand, Ver- iJava also offers the possibility of automatic compile-time verifications such as checking the code of a method against its specification, checking that the specifi- cation of a subclass is compatible with the specification of its superclass.

Zheng Yang,Hang Lei

DOI: https://doi.org/10.48550/arxiv.1803.00403

2018-01-01

Abstract:In recent years, a number of lightweight programs have been deployed in critical domains, such as in smart contracts based on blockchain technology. Therefore, the security and reliability of such programs should be guaranteed by the most credible technology. Higher-order logic theorem proving is one of the most reliable technologies for verifying the properties of programs. However, programs may be developed by different high-level programming languages, and a general, extensible, and reusable formal memory (GERM) framework that can simultaneously support different formal verification specifications, particularly at the code level, is presently unavailable for verifying the properties of programs. Therefore, the present work proposes a GERM framework to fill this gap. The framework simulates physical memory hardware structure, including a low-level formal memory space, and provides a set of simple, nonintrusive application programming interfaces and assistant tools using Coq that can support different formal verification specifications simultaneously. The proposed GERM framework is independent and customizable, and was verified entirely in Coq. We also present an extension of Curry-Howard isomorphism, denoted as execution-verification isomorphism (EVI), which combines symbolic execution and theorem proving for increasing the degree of automation in higher-order logic theorem proving assistant tools. We also implement a toy functional programming language in a generalized algebraic datatypes style and a formal interpreter in Coq based on the GERM framework. These implementations are then employed to demonstrate the application of EVI to a simple code segment.

Zheng Yang,Hang Lei,Xia Yang

2018-01-01

Abstract:In recent years, a number of lightweight programs have been deployed in critical domains, such as in smart contracts based on blockchain technology. Therefore, the security and reliability of such programs should be guaranteed by the most credible technology. Higher-order logic theorem proving is one of the most reliable technologies for verifying the properties of programs. However, programs may be developed by different high-level programming languages, and a general, extensible, and reusable formal memory (GERM) framework that can simultaneously support different formal verification specifications, particularly at the code level, is presently unavailable for verifying the properties of programs. Therefore, the present work proposes a GERM framework to fill this gap. The framework simulates physical memory hardware structure, including a low-level formal memory space, and provides a set of simple, nonintrusive application programming interfaces and assistant tools using Coq that can support different formal verification specifications simultaneously. The proposed GERM framework is independent and customizable, and was verified entirely in Coq. We also present an extension of Curry-Howard isomorphism, denoted as execution-verification isomorphism (EVI), which combines symbolic execution and theorem proving for increasing the degree of automation in higher-order logic theorem proving assistant tools. We also implement a toy functional programming language in a generalized algebraic datatypes style and a formal interpreter in Coq based on the GERM framework. These implementations are then employed to demonstrate the application of EVI to a simple code segment.

Jianhua Zhao,Xuandong LI

DOI: https://doi.org/10.48550/arXiv.1311.7181

2013-11-28

Abstract:This paper presents a formal approach to specify and verify object-oriented programs written in the `programming to interfaces' paradigm. Besides the methods to be invoked by its clients, an interface also declares a set of abstract function/predicate symbols, together with a set of constraints on these symbols. For each method declared in this interface, a specification template is given using these abstract symbols. A class implementing this interface can give its own definitions to the abstract symbols, as long as all the constraints are satisfied. This class implements all the methods declared in the interface such that the method specification templates declared in the interface are satisfied w.r.t. the definitions of the abstract function symbols in this class. Based on the constraints on the abstract symbols, the client code using interfaces can be specified and verified precisely without knowing what classes implement these interfaces. Given more information about the implementing classes, the specifications of the client code can be specialized into more precise ones without re-verifying the client code. Several commonly used interfaces and their implementations (including Iterator, Observer, Comparable, and Comparator) are used to demonstrate that the approach in this paper is both precise and flexible.

Logic in Computer Science

Ali Hong,Yijing Liu,Zongyan Qiu

DOI: https://doi.org/10.1007/978-3-319-07602-7_12

2014-01-01

Abstract:A Abstraction is essential in component-based design and implementation of systems, however, it brings also challenges to the formal specification and verification. In this paper we develop a framework to support the abstract specification for the interfaces of components and their interactions, and the related verification. We show also that the abstract specification on the interface-level can be used to enforce correct implementations of the components. We take one practical application of the well-known MVC architecture as a case study. Although our work focuses on the OO based programs, some concepts and techniques developed in the work might be useful more broadly.

Joachim Breitner,Antal Spector-Zabusky,Yao Li,Christine Rizkallah,John Wiegley,Stephanie Weirich

DOI: https://doi.org/10.1145/3236784

2018-07-30

Proceedings of the ACM on Programming Languages

Abstract:Good tools can bring mechanical verification to programs written in mainstream functional languages. We use hs-to-coq to translate significant portions of Haskell’s containers library into Coq, and verify it against specifications that we derive from a variety of sources including type class laws, the library’s test suite, and interfaces from Coq’s standard library. Our work shows that it is feasible to verify mature, widely-used, highly optimized, and unmodified Haskell code. We also learn more about the theory of weight-balanced trees, extend hs-to-coq to handle partiality, and – since we found no bugs – attest to the superb quality of well-tested functional code.

Jesper Amilon,Zafer Esen,Dilian Gurov,Christian Lidström,Philipp Rümmer,Marten Voorberg

2024-12-09

Abstract:In deductive verification and software model checking, dealing with certain specification language constructs can be problematic when the back-end solver is not sufficiently powerful or lacks the required theories. One way to deal with this is to transform, for verification purposes, the program to an equivalent one not using the problematic constructs, and to reason about this equivalent program instead. In this article, we propose program instrumentation as a unifying verification paradigm that subsumes various existing ad-hoc approaches, has a clear formal correctness criterion, can be applied automatically, and can transfer back witnesses and counterexamples. We illustrate our approach on the automated verification of programs that involve quantification and aggregation operations over arrays, such as the maximum value or sum of the elements in a given segment of the array, which are known to be difficult to reason about automatically. We implement our approach in the MonoCera tool, which is tailored to the verification of programs with aggregation, and evaluate it on example programs, including SV-COMP programs.

Logic in Computer Science

Qi Zhou,David Heath,William Harris

DOI: https://doi.org/10.4204/EPTCS.296.6

2019-07-09

Abstract:Relational properties describe relationships that hold over multiple executions of one or more programs, such as functional equivalence. Conventional approaches for automatically verifying such properties typically rely on syntax-based, heuristic strategies for finding synchronization points among the input programs. These synchronization points are then annotated with appropriate relational invariants to complete the proof. However, when suboptimal synchronization points are chosen the required invariants can be complicated or even inexpressible in the target theory. In this work, we propose a novel approach to verifying relational properties. This approach searches for synchronization points and synthesizes relational invariants simultaneously. Specifically, the approach uses synthesized invariants as a guide for finding proper synchronization points that lead to a complete proof. We implemented our approach as a tool named PEQUOD, which targets Java Virtual Machine (JVM) bytecode. We evaluated PEQUOD by using it to solve verification challenges drawn from the from the research literature and by verifying properties of student-submitted solutions to online challenge problems. The results show that PEQUOD solve verification problems that cannot be addressed by current techniques.

Programming Languages,Logic in Computer Science

Liu Yijing,Qiu Zongyan

DOI: https://doi.org/10.1007/978-3-642-27269-1_6

2012-01-01

Abstract:We present a general storage model that reflects features of object oriented (OO) languages with pure reference semantics. Based on this model, we develop an OO Separation Logic (OOSL) to specify and verify OO programs. Many inference rules in the Separation Logic still hold in OOSL. Additionally, OOSL has certain properties important to OO reasoning. We introduce HoareTriple for a small OO language, and use the Schorr-Waite Marking Algorithm as a verification example.

Guojun Xie,Huanhuan Yang,Gang Chen

DOI: https://doi.org/10.1016/j.jlamp.2024.100972

IF: 1.088

2024-05-01

Journal of Logical and Algebraic Methods in Programming

Abstract:As robotic applications continue to expand and task complexity increases, the adoption of more advanced and sophisticated control algorithms and models becomes critical. Traditional methods, relying on manual abstraction and modeling to verify these algorithms and models, may not fully encompass all potential design paths, leading to incomplete models, design defects, and increased vulnerability to security risks. The verification of control systems using formal methods is crucial for ensuring the safety of robots. This paper introduces a formal verification framework for robot kinematics implemented in Coq. It constructs a formal proof for the theory of robot motion and control algorithms, specifically focusing on the theory of robot kinematics, which includes the homogeneous representation of robot coordinates and the transformation relations between different coordinate systems. Subsequently, we provide formal definitions and verification for several commonly used structural robots, along with their coordinate transformation algorithms. Finally, we extract the Coq code, convert the functional algorithms into OCaml code, and perform data validation using various examples. It is worth emphasizing that the framework we have built possesses a high level of reusability, providing a solid technological foundation for the development of kinematics theorem libraries.

computer science, theory & methods,logic

Ling Xiao,Ming Gu,Jiaguang Sun

2011-01-01

Abstract:COQ is an interactive theorem proving tool. The paper abstractly describes the feature of COQ, the architecture and working modes of PLC program with the example of typical PLC. It also introduces the first-order logic syntax and semantics of Intuitionistic Logic. It briefly introduces the main Gallina language syntax elements, the corresponding use methods and main theorem proving tactic on COQ. The work has modeled kernel data type and basic statements and and the denotational semantics of PLC program with Gallina. It has given the correctness proof of PLC program based on theorem proving, i.e. based on semantics function the relationship of configuration between the before codes execution and the after is proved. The main purpose is to prove whether a PLC program satisfies certain nature within a scan period.

Xiyue Zhang,Meng Sun

DOI: https://doi.org/10.18293/seke2018-023

2018-01-01

Abstract:The coordination language Reo has played an important role in organizing the interactions among different components in large-scale distributed applications. A probabilistic extension on classical Reo is necessary to deal with the uncertainty of the real world. In this paper we developed a framework in Coq for formalizing probabilistic connectors and reasoning about their probabilistic properties. Different types of probabilistic channels are characterized by the relations on their input and output timed data distribution streams. More complex probabilistic connectors can be further constructed based on the probabilistic channels and composition operators. Within such a framework, properties under analysis and refinement / equivalence relations between probabilistic connectors can be naturally established as theorems and proved using tactics in Coq.

Yijing Liu,Quan Long,Qiu Zongyan

2009-01-01

Abstract:For the object oriented paradigm, providing a relatively rich model language equipped with formal semantics for practical reasoning is an important and long-standing open problem. In this work, μJava, a sufficient large subset of sequential Java is defined. An OO Separation Logic with pure reference semantic model is developed. Facilitated by this logic, the Weakest Precondition (WP) semantics for μJavais defined, and its soundness and completeness are proved. As far as we know, this is the first work on the completeness of such a semantics. Some key properties are shown still hold, especially the frame rule that is important for local reasoning. Additionally, we find some properties absent in the original Separation Logic, but important for OO reasoning. We introduce Hoare Triple based on the WP semantics. As the application and illustration of how the WP semantics serve the verification of OO programs, some examples are given, with the class invariant proof in a case study. We anticipate that this work would be helpful for the disciplines of OO software verification and refinement.

Thomas Braibant

DOI: https://doi.org/10.48550/arXiv.1108.4253

2011-08-22

Abstract:We propose a new library to model and verify hardware circuits in the Coq proof assistant. This library allows one to easily build circuits by following the usual pen-and-paper diagrams. We define a deep-embedding: we use a (dependently typed) data-type that models the architecture of circuits, and a meaning function. We propose tactics that ease the reasoning about the behavior of the circuits, and we demonstrate that our approach is practicable by proving the correctness of various circuits: a text-book divide and conquer adder of parametric size, some higher-order combinators of circuits, and some sequential circuits: a buffer, and a register.

Logic in Computer Science

Yulun Wu,Bohua Zhan,Bican Xia

2024-03-20

Abstract:We present the design and implementation of a tool for semi-automatic verification of functional specifications of operating system modules. Such verification tasks are traditionally done in interactive theorem provers, where the functionalities of the module are specified at abstract and concrete levels using data such as structures, algebraic datatypes, arrays, maps and so on. In this work, we provide encodings to SMT for these commonly occurring data types. This allows verification conditions to be reduced into a form suitable for SMT solvers. The use of SMT solvers combined with a tactic language allows semi-automatic verification of the specification. We apply the tool to verify functional specification for key parts of the uC-OS/II operating system, based on earlier work giving full verification of the system in Coq. We demonstrate a large reduction in the amount of human effort due to increased level of automation.

Symbolic Computation,Logic in Computer Science

Karl Palmskog,Enrico Tassi,Théo Zimmermann

DOI: https://doi.org/10.48550/arXiv.2203.09835

2022-03-18

Abstract:The Coq Platform is a continuously developed distribution of the Coq proof assistant together with commonly used libraries, plugins, and external tools useful in Coq-based formal verification projects. The Coq Platform enables reproducing and extending Coq artifacts in research, education, and industry, e.g., formalized mathematics and verified software systems. In this paper, we describe the background and motivation for the Platform, and outline its organization and development process. We also compare the Coq Platform to similar distributions and processes in the proof assistant community, such as for Isabelle and Lean, and in the wider open source software community.

Logic in Computer Science,Digital Libraries

Yi Li,Meng Sun

DOI: https://doi.org/10.1016/j.scico.2015.10.016

IF: 1.039

2015-01-01

Science of Computer Programming

Abstract:Connectors have emerged as a powerful concept for composition and coordination of concurrent activities encapsulated as components and services. Compositional coordination languages like Reo, serve as a means to formally specify and implement connectors. They support large-scale distributed applications by allowing construction of complex component connectors out of simpler ones. In this paper, we present a new approach to modeling and verification of Reo connectors via Coq, a proof assistant based on higher-order logic and A.-calculus. Basic notions in Reo, like nodes and channels, are defined by inductive types. By tracing the data streams, we provide a method for simulation of the behavior and output of a given Reo connector. With input constraints specified, connectors' properties can be proved by induction. Furthermore, properties specified in LTL can be verified using a simulation-based model-checking approach. An access control system is investigated to show our approach. (C) 2015 Elsevier B.V. All rights reserved.