CS 4160 Formal Verification Prof. Clarkson Spring 2019 Approaches - PowerPoint PPT Presentation

CS 4160 Formal Verification Prof. Clarkson Spring 2019

Approaches to validation • Social Less formal: Techniques may – Code reviews – miss problems in programs Extreme/Pair programming • Methodological – Design patterns All of these methods should be used! – Test-driven development – Version control – Bug tracking Even the most formal can still have holes: • Technological • did you prove the right thing? – Static analysis • do your assumptions match reality? (“lint” tools, FindBugs, …) – Fuzzers • Mathematical More formal: eliminate – Sound type systems with certainty as many problems – “Formal” verification as possible.

Verification • In the 1970s, scaled to about tens of LOC • Now, research projects scale to real software: – CompCert: verified C compiler – seL4: verified microkernel OS – Ynot: verified DBMS, web services • In another 40 years?

Automated theorem provers proof theorem prover counter- example timeout

Automated theorem provers • Z3 Z3: Microsoft started shipping with device driver developer's kit in Windows 7 • AC ACL2: used to verify AMD chip compliance with IEEE floating-point specification, as well as parts of the Java virtual machine

Proof assistant theorem assistant proof human guidance

Proof assistants • Nu NuPRL [Prof. Constable]: Formalization of mathematics, distributed protocols, security • Co Coq: CompCert, Ynot [Dean Morrisett]

COQ

Coq • 1984: 1984: Coquand and Huet implement Coq based on calculus of inductive constructions • 1992: 1992: Coq ported to Caml • Now implemented in OCaml Thierry Coquand 1961 –

Coq for program verification Verified Coq OCaml program program guidance with tactics Coq Proof of theorem theorem

Coq's full system

Subset of Coq we'll use

LOGISTICS

Prof. Michael Clarkson • PhD 2010 Cornell University • BS (CS) & BM (piano) 1999 Miami University • Regularly teach: CS 3110 (OCaml), CS 5430 (security) XI. — For Sundays throughout the Year. 46 • AMA: D&D, wine, Gregorian chant XI. — For Sundays throughout the Year. (Orbis factor) • I like hats (x) XIV-XVI. c. hr M=^ V. . . .-- Y-ri- e * e- le- i-son. iij. Chrfste b: '* . • e- le"-i-son.///. Ky'-ri-e e- le-i-son. */. Jtl*. V le- t-son. ri-e e- Another Chant (X ad libitum), p. 85. x. c. z r ___ J . 2 . G • • i • • 1 L6-ri- a in excelsis De- o. Et in tdrra pax ho- • C P, i-ftr 1 mf-ni-bus bonae volunta- tis. Laudamus te. Benedi- cimus • • ? ' - I n •**•; te. Ado-ramus te. Glo-ri-ficamus te. Gra-ti-as agi- -p ,- • • :=3 magnam am. D6mi-ne mus tf-bi propter glo-ri- am tu- i j _ 1 •_ S i — •r % • " •• • • ] J r 1 1 • • • 1 - us, Rex caelestis, D^-us Pater omni-potens. D6mi-ne A . . d Ff-li unig^ni-te, J^-su Chrf-ste. D6mi-ne Dd-us,

Course website https://www.cs.cornell.edu/courses/cs4160/2019sp/

Acknowledgment CS 4160 is based on the online textbook Software Foundations and especially on the work of Prof. Benjamin C. Pierce at the University of Pennsylvania and Prof. Andrew Appel at Princeton University in courses they teach.