1 / 8

Using and Building an Automatic Program Verifier

Using and Building an Automatic Program Verifier. K. Rustan M. Leino Research in Software Engineering ( RiSE ) Microsoft Research, Redmond. Lecture 1 LASER Summer School 2011 Elba, Italy 7 September 2011. Program verification. hand proofs (or hand waving).

umay
Download Presentation

Using and Building an Automatic Program Verifier

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Using and Building an Automatic Program Verifier K. Rustan M. Leino Research in Software Engineering (RiSE) Microsoft Research, Redmond Lecture 1 LASER Summer School 2011 Elba, Italy 7 September 2011

  2. Program verification hand proofs (or hand waving) traditional mechanical program verification Dafnyand others functional correctness assurance level extended static checking limited checking human effort automaticdecisionprocedures (SMT solvers) interactiveproof assistants no machine assistance technology:

  3. Dafny • Object-based language • generic classes, no subclassing • object references, dynamic allocation • sequential control • Built-in specifications • pre- and postconditions • framing • loop invariants, inline assertions • termination • Specification support • Sets, sequences, inductive datatypes, … • User-defined recursive functions • Ghost variables

  4. Basics(assert, ensures, BVD, assume, requires, call, testing specs, debugging specs) demo Swap (parameters, globals, fields)

  5. When do tools kick in? • Run time • Compile time • Design time  closer to the time of program construction

  6. Reasoning about loops • A loop invariant • holds at the top of every iteration • is the only thing the verifier remembers from one iteration to another (about the variables being modified)  It is as if the loop body were not available while (B){ S;} Loop invariant holds here

  7. Loops demo Iterative Fibonacci, FindZero (linear search)

  8. Exercises • Binary search • Specify, implement, and verify binary search • Cubes • http://rise4fun.com/Dafny/Qch • Cubes, recursive • http://rise4fun.com/Dafny/6xO

More Related