Developing Verified Programs with Dafny

Rustan, K.; Leino, Mirka

doi:10.1007/978-3-642-27705-4_7

Cited by 13 publications

(7 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several systems inspired by Mizar have been developed since, including Isabelle/Isar [30] and Leino et. al's poC extension to Dafny [17]. These systems typically follow Mizar's format in not requiring the user to explicitly state the proof context.…”

Section: Related Workmentioning

confidence: 99%

Proving Calculational Proofs Correct

Walter,

Kumar,

Manolios

2023

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Teaching proofs is a crucial component of any undergraduate-level program that covers formal reasoning. We have developed a calculational reasoning format and refined it over several years of teaching a freshman-level course, "Logic and Computation", to thousands of undergraduate students. In our companion paper [28], we presented our calculational proof format, gave an overview of the calculational proof checker (CPC) tool that we developed to help users write and validate proofs, described some of the technical and implementation details of CPC and provided several publicly available proofs written using our format. In this paper, we dive deeper into the implementation details of CPC, highlighting how proof validation works, which helps us argue that our proof checking process is sound.

show abstract

Section: Related Workmentioning

confidence: 99%

Proving Calculational Proofs Correct

Walter,

Kumar,

Manolios

2023

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…The main types are: int for integers, nat for natural numbers, bool for booleans, set<T> and seq<T> for immutable sets and sequences of values of the generic type T, respectively, array<T>,array2<T>,...,arrayn <T> for n-dimensional arrays, and user-defined classes and inductive datatypes [2]. The built-in object type is a supertype of all class types, and, one of the major features of the latest release is the added support for char and string types [5].…”

Section: Language Featuresmentioning

confidence: 99%

“…One must however keep in mind that a lot of progress has been made on Dafny since 2008, and some of the statements in [7] no longer hold. For example, at the time of writing of [7], Dafny had no support for higherorder functions, but these have now been included as a new language feature in Dafny 1.9.1 [5]. Similarly, Dafny's current type system is very different from that presented in [7]; it now supports a much larger set of types, as can be seen from the latest version's type system documentation at http://research.microsoft.com/en-us/um/people/leino/papers/krml243.html [9].…”

Section: Resources and Related Workmentioning

confidence: 99%

Dafny: Statically Verifying Functional Correctness

Gauci¹

2014

Preprint

View full text Add to dashboard Cite

This report presents the Dafny language and verifier, with a focus on describing the main features of the language, including pre-and postconditions, assertions, loop invariants, termination metrics, quantifiers, predicates and frames. Examples of Dafny code are provided to illustrate the use of each feature, and an overview of how Dafny translates programming code into a mathematical proof of functional verification is presented. The report also includes references to useful resources on Dafny, with mentions of related works in the domain of specification languages.

show abstract

“…For languages with first-class specifications (e.g. JML [32,33,50,59,85]) prior work has considered both static verification [11,12,22,31,40,52,57,61,68,86] and random testing [16,18,24,92,101,104]. An important question often raised here is: why test when you could statically verify?…”

Section: Introductionmentioning

confidence: 99%

Finding Bugs with Specification-Based Testing is Easy!

Chin¹,

Pearce²

2021

Programming

View full text Add to dashboard Cite

Automated specification-based testing has a long history with several notable tools having emerged. For example, QuickCheck for Haskell focuses on testing against user-provided properties. Others, such as JMLUnit, use specifications in the form of pre-and post-conditions to drive testing. An interesting (and under-explored) question is how effective this approach is at finding bugs in practice. In general, one would assume automated testing is less effective at bug finding than static verification. But, how much less effective? To shed light on this question, we consider automated testing of programs written in Whiley -a language with first-class support for specifications. Whilst originally designed with static verification in mind, we have anecdotally found automated testing for Whiley surprisingly useful and cost-effective. For example, when an error is detected with automated testing, a counterexample is always provided. This has motivated the more rigorous empirical examination presented in this paper. To that end, we provide a technical discussion of the implementation behind an automated testing tool for Whiley. Here, a key usability concern is the ability to parameterise the input space, and we present novel approaches for references and lambdas. We then report on several large experiments investigating the tool's effectiveness at bug finding using a range of benchmarks, including a suite of 1800+ mutants. The results indicate the automated testing is effective in many cases, and that sampling offers useful performance benefits with only modest reductions in bug-finding capability. Finally, we report on some real-world uses of the tool where it has proved effective at finding bugs (such as in the standard library). ACM CCS 2012Software and its engineering → Software testing and debugging; Theory of computation → Automated reasoning;

show abstract

Developing Verified Programs with Dafny

Cited by 13 publications

References 1 publication

Proving Calculational Proofs Correct

Proving Calculational Proofs Correct

Dafny: Statically Verifying Functional Correctness

Finding Bugs with Specification-Based Testing is Easy!

Contact Info

Product

Resources

About