Gradual verification of recursive heap data structures

Wise, Jenna; Bader, Johannes; Wong, Cameron; Aldrich, Jonathan; Tanter, Éric; Sunshine, Joshua

doi:10.1145/3428296

Cited by 13 publications

(5 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The withdraw call in Figure 3 elicits this check before the termination of monthEnd in order to ensure a valid account balance, but only for the path denoted by the conditional branch. Wise et al (2020) extended gradual verification to support heap-allocated data structures using implicit dynamic frames (IDF) (Smans et al, 2009). In addition, Viper uses IDF in its implementation of static verification.…”

Section: Gradual Verifier Architecturementioning

confidence: 99%

“…In addition to previously mentioned programs, our test suite is expanded to include tests that implement failing implementations from each issue in the issue tracker. A particularly interesting and significant issue was originally caught with the formalization of Gradual Verification from Wise et al (2020) regarding the internal output of Gradual C0 after the behavior had been formalized-Footprint Splitting. In this issue, Gradual C0 was not removing information from the optimistic heap, framed by an imprecise specification, when it should.…”

Section: Tool Analysismentioning

confidence: 99%

“…Inspired by gradual typing (Garcia et al 2016;Siek & Taha, 2006;Siek & Taha, 2007), with gradual verification the programmer gains control over the trade-offs between static and dynamic checking by way of partial specifications, allowing the behavior of unspecified components to be verified at run-time. Wise et al (2020) introduces the theory of gradual verification for programs that manipulate recursive heap data structures (trees, graphs, lists, etc.). 2022) also shows in a performance study that Gradual C0 reduces run-time overhead by 50-90% on average compared to dynamic verification.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Evaluating Soundness of a Gradual Verifier with Property Based Testing

Ramos

2023

CURJ

View full text Add to dashboard Cite

Gradual verification supports partial specifications by soundly applying static checking where possible and dynamic checking when necessary. This approach supports incrementality and provides a formal guarantee of verifiability. The first gradual verifier, Gradual C0, supports programs that manipulate recursive, mutable data structures on the heap and minimizes dynamic checks with statically available information. The design of Gradual C0 has been formally proven sound; however, this guarantee does not hold for its implementation. In this paper, we introduce a lightweight approach to testing soundness of Gradual C0's implementation. This approach uses Property Based Testing to empirically evaluate soundness by establishing a truthiness property of equivalence. Our approach verifies a test suite of incorrectly written programs and specifications with both Gradual C0 and a fully dynamic verifier for C0, and then asserts an equivalence between the results of the two verifiers using the dynamic verifier as ground truth. Any inconsistency between the results, indicates a problem in Gradual C0's implementation. We also show in this paper, as a proof of concept, that this lightweight approach to testing Gradual C0's soundness caught a number of significant implementation bugs from Gradual C0's issue tracker in GitHub. A number of these bugs were only previously caught by human inspections of internal output of the tool. An automated generator for the test suite is our next research step to increase the rigor of our evaluation and catch new bugs never found before.

show abstract

Section: Gradual Verifier Architecturementioning

confidence: 99%

Section: Tool Analysismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Evaluating Soundness of a Gradual Verifier with Property Based Testing

Ramos

2023

CURJ

View full text Add to dashboard Cite

show abstract

“…Following the example of Gradual Dafny [18] and Gradual Verification [3,5,48] more generally should make testing easier. Ideally students would be able to run programs in a "test mode" where Dafny checks as many assertions, assumptions, and preand postconditions as possible dynamically.…”

Section: Experience With Dafnymentioning

confidence: 99%

“…Whereas the Dafny tool, although interactive, requires programmers to verify their whole program statically, Gradual Dafny [18] allows programmers to choose between static ("assert") and dynamic (run time "assume") verification for each invariant. Other gradual verification approaches have shown similar promise at partial verification, but with choices embodied in the tools themselves [3,45,5,48]. Coming at the problem from the other side, Müller & Ruskiewicz [41] demonstrated how standard program debuggers could be used to debug verification failures, by generating a modified program that reproduced the failure when run, and Christakis [12] integrated concolic testing tools and lower level solver debuggers into Dafny's IDE.…”

Section: Introductionmentioning

confidence: 99%

More Programming Than Programming: Teaching Formal Methods in a Software Engineering Programme

Noble¹,

Streader²,

Gariano³

et al. 2022

Preprint

View full text Add to dashboard Cite

Formal methods for software correctness are critical to the future of software engineering -and so must be an essential part of software engineering education. Unfortunately, formal methods are often resisted by students due to perceived difficulty, mathematicity, and practical irrelevance. We redeveloped our software correctness course by taking a programming intensive approach, using the solver-aided language Dafny to provide instant formative feedback via automated assessment. Our redeveloped course increased student retention and resulted in the best evaluation for the course for at least ten years.

show abstract