Gregory Malecha - Academia.edu (original) (raw)

Papers by Gregory Malecha

We describe a method for building composable and extensible verification procedures within the Co... more We describe a method for building composable and extensible verification procedures within the Coq proof assistant. Unlike traditional methods that rely on run-time generation and checking of proofs, we use verified-correct procedures with Coq soundness proofs. Though they are internalized in Coq's logic, our provers support sound extension by users with hints over new domains, enabling automated reasoning about user-defined abstract predicates. We maintain soundness by developing an architecture for modular packaging, construction, and composition of hint databases, which had previously only been implemented in Coq at the level of its dynamically typed, proof-generating tactic language. Our provers also include rich handling of unification variables, enabling integration with other tactic-based deduction steps within Coq. We have implemented our techniques in MirrorShard, an open-source framework for reflective verification. We demonstrate its applicability by instantiating it ...

Recent years have seen a proliferation of logics, from simple type systems to higher-order progra... more Recent years have seen a proliferation of logics, from simple type systems to higher-order program logics dealing with all the intricacies of machine code or concurrency. While developing new logics requires deep technical insight, evaluating their usefulness on real-world programs is a much more Herculean task, since existing automation techniques often do not support the rich features of new logics. In this work we detail a series of technical insights that enable a framework for formal proof engineering that supports modularity and extension. Our approach embraces computational reflection [1], the idea of proving by appeal to verified decision procedures. We extend the proof by reflection approach in three novel ways. First, we support openended verification procedures which allows us to carve off different logical domains and reason about them independently while retaining the ability to compose provers over different domains. Second, we support verified user extensions ranging ...

Abstract Modern hardware,description languages support code-generation constructs like generate/e... more Abstract Modern hardware,description languages support code-generation constructs like generate/endgenerate in Verilog. These constructs are intended to describe regular or parameterized hardware designs and, when used effectively, can make hardware descriptions shorter, more understandable, and more reusable. In practice, however, designers avoid these constructs because it is difficult to understand and predict the properties of the generated code. Is the generated

Proceedings of the 15th Symposium on Database Programming Languages - DBPL 2015, 2015

Lecture Notes in Computer Science, 2016

2015 ACM/IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE), 2015

Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security - PLAS '10, 2010

Proceedings of the 14th Acm Sigplan International Conference, Aug 31, 2009

We present a new approach for constructing and verifying higherorder, imperative programs using t... more We present a new approach for constructing and verifying higherorder, imperative programs using the Coq proof assistant. We build on the past work on the Ynot system, which is based on Hoare Type Theory. That original system was a proof of concept, where every program verification was accomplished via laborious manual proofs, with much code devoted to uninteresting low-level details. In this paper, we present a re-implementation of Ynot which makes it possible to implement fully-verified, higher-order imperative programs with reasonable proof burden. At the same time, our new system is implemented entirely in Coq source files, showcasing the versatility of that proof assistant as a platform for research on language design and verification.

We consider software verification of imperative programs by theorem proving in higher-order separ... more We consider software verification of imperative programs by theorem proving in higher-order separation logic. Of particular interest are the difficulties of encoding and reasoning about sharing and aliasing in pointer-based data structures. Both of these are difficulties for reasoning in separation logic because they rely, fundamentally, on non-separate heaps. We show how sharing can be achieved while preserving abstraction using mechanized reasoning about fractional permissions in Hoare type theory.

In this paper we demonstrate how to prove the correctness of systems implemented using low-level ... more In this paper we demonstrate how to prove the correctness of systems implemented using low-level imperative features like pointers, files, and socket I/O with respect to high level I/O protocol descriptions by using the Coq proof assistant. We present a webbased course gradebook application developed with Ynot, a Coq library for verified imperative programming. We add a dialogbased I/O system to Ynot, and we extend Ynot's underlying Hoare logic with event traces to reason about I/O and protocol behavior. Expressive abstractions allow the modular verification of both high level specifications like privacy guarantees and low level properties like data structure pointer invariants.

Proceedings of the 30th Annual ACM Symposium on Applied Computing - SAC '15, 2015

The strong isolation guarantees of hardware virtualization have led to its widespread use. A cons... more The strong isolation guarantees of hardware virtualization have led to its widespread use. A consequence of this is that individual partitions contain much software that is designed to be used in a variety of environments and by a range of applications, while in practice only a limited subset is actually utilized. Similarly, the modular design of software has contributed greatly to the ability of application developers to quickly write sophisticated programs. However, in most instances only a small fraction of the functionality included in a particular software component is needed.

Lecture Notes in Computer Science, 2010

ABSTRACT We consider software verication of imperative programs by theorem proving in higher-orde... more ABSTRACT We consider software verication of imperative programs by theorem proving in higher-order separation logic. Of particular interest are the diculties of encoding and reasoning about sharing and aliasing in pointer-based data structures. Both of these are diculties for reason- ing in separation logic because they rely, fundamentally, on non-separate heaps. We show how sharing can be achieved while preserving abstrac- tion using mechanized reasoning about fractional permissions in Hoare type theory.

ACM SIGPLAN Notices, 2010

We report on our experience implementing a lightweight, fully verified relational database manage... more We report on our experience implementing a lightweight, fully verified relational database management system (RDBMS). The functional specification of RDBMS behavior, RDBMS implementation, and proof that the implementation meets the specification are all written and verified in Coq. Our contributions include: (1) a complete specification of the relational algebra in Coq; (2) an efficient realization of that model (B+ trees) implemented with the Ynot extension to Coq; and (3) a set of simple query optimizations proven to respect both semantics and run-time cost. In addition to describing the design and implementation of these artifacts, we highlight the challenges we encountered formalizing them, including the choice of representation for finite relations of typed tuples and the challenges of reasoning about data structures with complex sharing. Our experience shows that though many challenges remain, building fully-verified systems software in Coq is within reach.