Viper A Verification Infrastructure for Permission based Reasoning - - PowerPoint PPT Presentation

▶

Oct 05, 2022 34 likes •139 views

Viper A Verification Infrastructure for Permission based Reasoning Peter Mller, ETH Zurich Joint work with Pietro Ferrara, Uri Juhasz, Ioannis Kassios, Milos Novacek, Malte Schwerhoff, and Alex Summers 2 Automatic Program Verification

SLIDE 1

Viper

A Verification Infrastructure for Permission based Reasoning

Peter Müller, ETH Zurich

Joint work with Pietro Ferrara, Uri Juhasz, Ioannis Kassios, Milos Novacek, Malte Schwerhoff, and Alex Summers

SLIDE 2

Automatic Program Verification

Most automatic deductive

verifiers use solvers for first

rder logic (Z3, CVC4)
Verification conditions are

computed via translation to intermediate verification language (Boogie, Why)

Many success stories: Corral,

Dafny, Frama-C, Spec#, VCC

Peter Müller – Dagstuhl, May 04, 2015

Intermediate verification language Verification condition generator Prover Front-end Programming & specification language Front-end Programming & specification language Front-end Programming & specification language

SLIDE 3

Verifiers for Permission Logics

Separation Logic (and other

permission logics) use custom logics to reason about heap- manipulating programs

Custom verification engines

(jStar, Smallfoot, VeriFast)

Custom decision procedures

(GRASShopper) or complex encodings (Chalice)

Peter Müller – Dagstuhl, May 04, 2015

Symbolic execution Prover Programming & specification language Symbolic execution Programming & specification language Symbolic execution Programming & specification language

SLIDE 4

Viper Viper Infrastructure

Peter Müller – Dagstuhl, May 04, 2015

Silver

Intermediate Language

Carbon

Boogie Encoding

Silicon

Symbolic Execution

Sample

Specification Inference

Boogie

VC Generation (Microsoft Research)

SMT solver (Microsoft Research)

Frontend Frontend Frontend

SLIDE 5

Language Overview of Silver

Top-level declarations
Fields
Methods
Heap-dependent

functions

Predicates
Domains

(uninterpreted functions and quantified axioms)

Statements
Assignments, calls,

conditionals, loops

inhale, exhale
fold, unfold
Types
Int, Bool, Ref, Perm
Set[T], Seq[T]
Types declared in

domains

Peter Müller – Dagstuhl, May 04, 2015

SLIDE 6

Example: Modeling Locks

Peter Müller – Dagstuhl, May 04, 2015

class C { int[ ] data; monitor invariant data_; void Foo( ) { acquire this; int i = data.length; while( 0 < i ) invariant data_; invariant holds( this ); { …; i = i – 1; } release this; } }

SLIDE 7

Example: Leak Check

Peter Müller – Dagstuhl, May 04, 2015

class C { int[ ] data; monitor invariant data_; void Foo( ) { acquire this; int i = data.length; while( 0 < i ) invariant data_; invariant holds( this ); { …; i = i – 1; } release this; } }

SLIDE 8

Example: Finite Blocking

Peter Müller – Dagstuhl, May 04, 2015

class C { int[ ] data; monitor invariant data_; void Foo( ) { acquire this; int i = data.length; while( 0 < i ) invariant data_; invariant holds( this, i ); { …; i = i – 1; } release this; } }

SLIDE 9

Viper Viper – Frontends

Peter Müller – Dagstuhl, May 04, 2015

Silver

Intermediate Language

OpenCL

Frontend (University of Twente)

Java

Frontend (University of Twente)

Scala

Frontend

Chalice

Frontend

Carbon

Boogie Encoding

Silicon

Symbolic Execution

Sample

Specification Inference

Boogie

VC Generation (Microsoft Research)

SMT solver (Microsoft Research)

SLIDE 10

Conclusion

Viper is useful to
Develop verifiers based on permission-logics
Prototype new verification techniques
Experiment with and integrate different back-ends
Next-Generation Concurrency
We have encoded message-passing and verified

certain liveness properties (via ranking functions)

We have not yet experimented with racy programs,

weak memory models, higher-order idioms

Peter Müller – Dagstuhl, May 04, 2015