Program Verification in the Presence of I/O

Férée, Hugo; Pohjola, Johannes Åman; Kumar, Ramana; Owens, Scott; Myreen, Magnus O.; Ho, Son

doi:10.1007/978-3-030-03592-1_6

Cited by 5 publications

(3 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the CakeML proof-producing translator [32] automatically synthesizes verified source code from pure algorithmic specifications; the CakeML characteristic formula (CF) framework [14] provides a separation logic which can be used to manually verify (more efficient) imperative code for performance-critical parts of the proof checker. (2) CakeML provides a foreign function interface (FFI) and a corresponding formal FFI model [10]. These are used to verify system call interactions, e.g., file I/O and command-line interfaces, under carefully specified assumptions.…”

Section: Hol4 and Cakemlmentioning

confidence: 99%

See 1 more Smart Citation

cake_lpr: Verified Propagation Redundancy Checking in CakeML

Tan

Heule

Myreen

2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Modern SAT solvers can emit independently checkable proof certificates to validate their results. The state-of-the-art proof system that allows for compact proof certificates is propagation redundancy (PR). However, the only existing method to validate proofs in this system with a formally verified tool requires a transformation to a weaker proof system, which can result in a significant blowup in the size of the proof and increased proof validation time. This paper describes the first approach to formally verify PR proofs on a succinct representation; we present (i) a new Linear PR (LPR) proof format, (ii) a tool to efficiently convert PR proofs into LPR format, and (iii) , a verified LPR proof checker developed in CakeML. The LPR format is backwards compatible with the existing LRAT format, but extends the latter with support for the addition of PR clauses. Moreover, is verified using CakeML ’s binary code extraction toolchain, which yields correctness guarantees for its machine code (binary) implementation. This further distinguishes our clausal proof checker from existing ones because unverified extraction and compilation tools are removed from its trusted computing base. We experimentally show that LPR provides efficiency gains over existing proof formats and that the strong correctness guarantees are obtained without significant sacrifice in the performance of the verified executable.

show abstract

Section: Hol4 and Cakemlmentioning

confidence: 99%

“…The final correctness theorem is given in Appendix A. Briefly, it shows that if the cake_lpr executable prints the string "s VERIFIED UNSAT\n" to the standard output stream (in CakeML's FFI model [10]), then the input (parsed) DIMACS file is an unsatisfiable CNF.…”

Section: Verification Strategymentioning

confidence: 99%

cake_lpr: Verified Propagation Redundancy Checking in CakeML

Tan

Heule

Myreen

2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The most comprehensive prior work connecting verified programs to the implementation of I/O operations is that of Férée et al [5] in CakeML, a functional language with I/O connected to a verified compiler and verified hardware. As in our approach, the language is parameterized by functional specifications for external functions, backed by proofs at a lower level.…”

Section: Related Workmentioning

confidence: 99%

Connecting Higher-Order Separation Logic to a First-Order Outside World

Mansky

Honoré

Appel

2020

Programming Languages and Systems

View full text Add to dashboard Cite

Separation logic is a useful tool for proving the correctness of programs that manipulate memory, especially when the model of memory includes higher-order state: Step-indexing, predicates in the heap, and higher-order ghost state have been used to reason about function pointers, data structure invariants, and complex concurrency patterns. On the other hand, the behavior of system features (e.g., operating systems) and the external world (e.g., communication between components) is usually specified using first-order formalisms. In principle, the soundness theorem of a separation logic is its interface with first-order theorems, but the soundness theorem may implicitly make assumptions about how other components are specified, limiting its use. In this paper, we show how to extend the higher-order separation logic of the Verified Software Toolchain to interface with a first-order verified operating system, in this case CertiKOS, that mediates its interaction with the outside world. The resulting system allows us to prove the correctness of C programs in separation logic based on the semantics of system calls implemented in CertiKOS. It also demonstrates that the combination of interaction trees + CompCert memories serves well as a lingua franca to interface and compose two quite different styles of program verification.

show abstract

Verified Propagation Redundancy and Compositional UNSAT Checking in CakeML

Tan

Heule

Myreen

2023

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Modern SAT solvers can emit independently-checkable proof certificates to validate their results. The state-of-the-art proof system that allows for compact proof certificates is propagation redundancy ($$\textsf{PR}$$ PR ). However, the only existing method to validate proofs in this system with a formally verified tool requires a transformation to a weaker proof system, which can result in a significant blowup in the size of the proof and increased proof validation time. This article describes the first approach to formally verify $$\textsf{PR}$$ PR proofs on a succinct representation. We present (i) a new Linear PR (LPR) proof format, (ii) an extension of the tool to efficiently convert $$\textsf{PR}$$ PR proofs into LPR format, and (iii) , a verified LPR proof checker developed in CakeML. We also enhance these tools with (iv) a new compositional proof format designed to enable separate (parallel) proof checking. The LPR format is backwards compatible with the existing LRAT format, but extends LRAT with support for the addition of $$\textsf{PR}$$ PR clauses. Moreover, is verified using CakeML ’s binary code extraction toolchain, which yields correctness guarantees for its machine code (binary) implementation. This further distinguishes our clausal proof checker from existing checkers because unverified extraction and compilation tools are removed from its trusted computing base. We experimentally show that: LPR provides efficiency gains over existing proof formats; ’s strong correctness guarantees are obtained without significant sacrifice in its performance; and the compositional proof format enables scalable parallel proof checking for large proofs.

show abstract

Program Verification in the Presence of I/O

Abstract: The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.

Cited by 5 publications

References 29 publications

cake_lpr: Verified Propagation Redundancy Checking in CakeML

cake_lpr: Verified Propagation Redundancy Checking in CakeML

Connecting Higher-Order Separation Logic to a First-Order Outside World

Verified Propagation Redundancy and Compositional UNSAT Checking in CakeML

Contact Info

Product

Resources

About