The HOL-UNITY verification system (original) (raw)

Lecture Notes in Computer Science, 1994

HOL-UNITY is an implementation of Chandy and Misra's UNITY theory in the HOL88 and HOL90 theorem provers. This paper shows how to verify safety and progress properties of concurrent programs using HOL-UNITY. As an example it is proved that a lift-control program satis es a given progress property. The proof is compositional and partly automated. The progress property is decomposed into basic safety and progress properties, which are proved automatically by a developed tactic based on a combination of Gentzen-like proof methods and Pressburger decision procedures. The proof of the decomposition which includes induction is done mechanically using the inference rules of the UNITY logic implemented as theorems in HOL. The paper also contains some empirical results of running the developed tactic in HOL88 and HOL90, respectively. It turns out that HOL90 in average is about 9 times faster than HOL88. Finally, we discuss various ways of improving the tactic.

HOL-Boogie — An Interactive Prover for the Boogie Program-Verifier

Lecture Notes in Computer Science, 2008

Boogie is a program verification condition generator for an imperative core language. It has front-ends for the programming languages C# and C enriched by annotations in first-order logic. Its verification conditions -constructed via a wp calculus from these annotations -are usually transferred to automated theorem provers such as Simplify or Z3. In this paper, however, we present a proofenvironment, HOL-Boogie, that combines Boogie with the interactive theorem prover Isabelle/HOL. In particular, we present specific techniques combining automated and interactive proof methods for codeverification. We will exploit our proof-environment in two ways: First, we present scenarios to "debug" annotations (in particular: invariants) by interactive proofs. Second, we use our environment also to verify "background theories", i.e. theories for data-types used in annotations as well as memory and machine models underlying the verification method for C.

Design for verification for concurrent and distributed programs

2005

Design for Verification for Concurrent and Distributed Programs by Aysu Betin-Can In this dissertation we present a design for verification (DFV) approach that embeds intentions of developers into software and makes software systems amenable to automated verification; hence, making the automated verification techniques scalable to large systems. In this DFV approach, we use 1) behavioral interfaces that isolate the behavior and enable modular verification, 2) an assume-guarantee style verification strategy that separates verification of the behavior from the verification of the conformance to the interface specifications, 3) a general model checking technique for interface verification, and 4) domain specific and specialized verification techniques for behavior verification. We realize our DFV approach for concurrent programming by introducing the concurrency controller pattern. We aim to eliminate synchronization errors in concurrent Java programs. We use the Action Language Verifier to verify the concurrency controller behaviors by an automated translation from their Java implementations. We have applied this framework to two software systems: a concurrent text editor and a safety critical air traffic control software called TSAFE. To demonstrate the applicability of our DFV approach to another application domain, we introduce the peer controller pattern for asynchronously communicating viii web services. Our goal is both to analyze properties of interactions among the participating peers and to validate the conformance of peer implementations to their behavioral specifications. We use the SPIN model checker to verify the interaction properties. We adapt synchronizability analysis to enable behavior verification with respect to unbounded asynchronous communication queues. We extend this approach with an hierarchical interface model for compact representation of peer interfaces. We use the Java PathFinder for interface verification in both application domains. We present techniques for thread isolation which improve the efficiency of interface verification.

Automatic Program Verification III: A Methodology for Verifying Programs

National Technical Infornation Servici U. S. DEPARTMENT OF COMMERCE ' ■ mim mCLAüüIl IED SECURITY CLASSIFICATION OF THIS PAGEfHT,», D.I. Enl.r.rfJ lhe_paper investigates msthods for applying an on-line interactive vtnlication system derigned to prove properties or PASCAL programs. The methodology is intended to provide techniques for developing a debugged and verified version startin,: from a program, that (a) is possibly unfinished in some respects, (b) may not satisfy the given specmcations, e.g., may contain bugs, (c) may have incomplete documentation, (d) may be written in non-standard ways, e.g.. may depend on user-defined data structures. The methodology involves (i) interactive application of a verification condition generator, an algebraic simplifier and a theorem-prcver; Uij techniques for describing data structures, type constraints, and properties of programs and subprograms (i.e. lower level procedures); [Hi the use of (abstract) data types in structuring programs and proofs. Within each unit (i.e. segment of a problem), the interactive use is aimea at reducing verification conditions to manageable proportions so that the non-trivial factors may be analysed. Analysis of verification conditions attempts to localize errors in the program logic, to extend assertions inside the program, to spotlight additional assumptions on program subfunctions (beyond those already specified oy the programmer), and to generate appropriate lemmas that allow a verification to be completed. Methods for structuring correctness proofs are discussed that are similar to those of "structured programming-, A detailed case study of a pattern matching algorithm illustrating the various aspects of the methodology (including the role played by the user) is given. ii UNCLASSIFIED SECURITY CLASSIFICATION OF THIS PAGEfirh»n Oaf« Km.r.dJ " wmm'*^^*'*

Some issues in the software engineering of verification tools

1999

The Edinburgh Concurrency Workbench has been the author's responsibility for the past four years, having been under development for eight years before that. Over its lifetime, we have learnt many lessons and encountered many questions about verification tool development, both from bitter experience and from discussion with other tool developers and users. This note raises some of them for wider discussion.

VeriAgent: an Approach to Integrating UML and Formal Verification Tools

Electronic Notes in Theoretical Computer Science, 2004

The mathematical notations of Formal Verification Tools (FVTs) do not prevent us from wrongly defining the behavior of systems, any more than UML-based CASE tools do. Both technologies have their advantages: respectively, precise and well defined semantics or high-level graphical notation. Unfortunately, these technologies are not fully integrated and usable in a single tool. With software rapidly growing in size and complexity, graphical specifications in languages like UML need to be formally verified, before the implementation phase, in order to guarantee the development of more reliable systems. While the enterprise of integrating CASE and FVTs has had reasonable success with the translation of simple diagrams to model checkers' notations, integration at the level of returning verification results to users was lacking. In this work we present a protocol interface for joining both technologies as a reliable solution to bridging this gap.

Interfacing program construction and verification

Lecture Notes in Computer Science, 1999

Math∫pad is a document preparation system designed and developed by the authors and oriented towards the calculational construction of programs. PVS (Prototype Verification System) is a theorem checker developed at SRI that has been extensively used for verifying software, in particular in safety-critical applications. This paper describes how these two systems have been combined into one. We discuss the potential benefits of the combination seen from the viewpoint of someone wanting to use formal methods for the construction of computer programs, and we discuss the architecture of the combined system for the benefit of anyone wanting to investigate combining the Math∫pad system with other programming tools.

VeriAgent: an Approach to Integrating UML and Formal Verification Tools*1

Electronic Notes in Theoretical Computer Science, 2004

HOL-Boogie—An Interactive Prover-Backend for the Verifying C Compiler

Journal of Automated Reasoning, 2010

Boogie is a verification condition generator for an imperative core language. It has front-ends for the programming languages C# and C enriched by annotations in first-order logic, i. e. pre-and postconditions, assertions, and loop invariants. Moreover, concepts like ghost fields, ghost variables, ghost code and specification functions have been introduced to support a specific modeling methodology. Boogie's verification conditions-constructed via a wp calculus from annotated programs-are usually transferred to automated theorem provers such as Simplify or Z3. This also comprises the expansion of language-specific modeling constructs in terms of a theory describing memory and elementary operations on it; this theory is called a machine/memory model. In this paper, we present a proof environment, HOL-Boogie, that combines Boogie with the interactive theorem prover Isabelle/HOL, for a specific C front-end and a machine/memory model. In particular, we present specific techniques combining automated and interactive proof methods for code verification. The main goal of our environment is to help program verification engineers in their task to "debug" annotations and to find combined proofs where purely automatic proof attempts fail.

The HOL-UNITY verification system (original) (raw)

Related papers