Software verification with VeriFast: Industrial case studies

Philippaerts, Pieter; Mühlberg, Jan Tobias; Penninckx, Willem; Smans, Jan; Jacobs, Bart; Piessens, Frank

doi:10.1016/j.scico.2013.01.006

Cited by 37 publications

(35 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We distinguish between the total amount of annotations required to verify a function vs. their subset that specifies data structure manipulations only, i.e., those that are in the scope of our approach. Annotations are quantified in terms of separating conjuncts, which loosely correspond to lines of annotations as given in [15]. As dsOli remains a prototype tool, runtime is in the order of tens-of-minutes and requires a few GBs of RAM; since these factors depend on trace length and average points-to graph size, shorter, more representative traces can significantly reduce the requirements.…”

Section: Discussionmentioning

confidence: 99%

“…Local reasoning by means of separation logic [14] has been proposed as a way to tackle this challenge. A wellknown tool in this domain is VeriFast [15], a sound static verifier for C and Java programs. It modularly checks via symbolic execution [2] that each function in a program satisfies its specification, and enforces global invariants that guarantee the absence of illegal memory accesses and data races.…”

Section: Introductionmentioning

confidence: 99%

“…Permissions are passed to a function via a precondition and returned to a caller via a post-condition. To specify permissions for linked-list data structures, auxiliary recursive predicates must be defined [15]. However, these constructs typically require the provision of in-line annotations, i.e., machinery to complete the proof, since VeriFast does not fold and unfold predicates automatically.…”

Section: Introductionmentioning

confidence: 99%

“…While VeriFast has been successfully employed for industrial verification projects, the requirement that annotations must be written by a skilled verification engineer limits its use. It has been estimated that a verification engineer can verify about two lines of source code per hour [15].…”

Section: Introductionmentioning

confidence: 99%

“…VeriFast varies between 0.69 and 2.5 lines of annotation per line of code, and a verification engineer will verify an average of 2.17 lines of C/low-level Java code per hour [15]. Based on this data we can estimate that our approach has the potential to save a verification engineer significant time.…”

mentioning

confidence: 97%

See 4 more Smart Citations

Learning Assertions to Verify Linked-List Programs

Mühlberg

White

Dodds

et al. 2015

Software Engineering and Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract. C programs that manipulate list-based dynamic data structures remain a challenging target for static verification. In this paper we employ a dynamic analysis to locate and identify data structure operations in a program, so as to automatically annotate that program with assertions in separation logic. These annotations comprise candidate pre/post-conditions and loop invariants suitable to statically verify memory safety with the verification tool VeriFast. By using both textbook and real-world examples on our prototype implementation, we show that the generated assertions are often discharged automatically. Even when this is not the case, candidate invariants are of great help to the verification engineer, significantly reducing the manual verification effort.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 97%

See 3 more Smart Citations

Learning Assertions to Verify Linked-List Programs

Mühlberg

White

Dodds

et al. 2015

Software Engineering and Formal Methods

Self Cite

View full text Add to dashboard Cite

show abstract

Generating Inductive Shape Predicates for Runtime Checking and Formal Verification

Boockmann

Lüttgen

Mühlberg

2018

Leveraging Applications of Formal Methods, Verification and Validation. Verification

Self Cite

View full text Add to dashboard Cite

Knowing the shapes of dynamic data structures is key when formally reasoning about pointer programs. While modern shape analysis tools employ symbolic execution and machine learning to infer shapes, they often assume well-structured C code or programs written in an idealised language. In contrast, our Data Structure Investigator (DSI) tool for program comprehension analyses concrete executions and handles even C programs with complex coding styles. Our current research on memory safety develops ways for DSI to synthesise inductive shape predicates in separation logic. In the context of trusted computing, we investigate how the inferred predicates can be employed to generate runtime checks for securely communicating dynamic data structures across trust boundaries. We also explore to what extent these predicates, together with additional information extracted by DSI, can be used within general program verifiers such as VeriFast. This paper accompanies a talk at the ISoLA 2018 track "A Broader View on Verification: From Static to Runtime and Back". It introduces DSI, highlights the above use cases, and sketches our approach for synthesising inductive shape predicates. MotivationFormally reasoning about the memory safety and security of C code executing on processors is a serious challenge, especially when dynamic data structures are involved. The advent of separation logic [18] for modularly specifying heap operations and data structure shapes has sparked a wealth of research in the computer-aided verification of pointer programs. This has led to the development of powerful static verifiers, including shape analysis tools such as Forester [9] and Infer [6, 7] and program verifiers such as VeriFast [17]. While the latter requires significant manual effort in annotating programs with contracts, recent automated shape analysis techniques employ machine learning [4,25] but assume well-structured code and a well-behaved execution environment. However, these

show abstract

A Decidable Logic for Tree Data-Structures with Measurements

Qiu

Wang

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Software verification with VeriFast: Industrial case studies

Cited by 37 publications

References 10 publications

Learning Assertions to Verify Linked-List Programs

Learning Assertions to Verify Linked-List Programs

Generating Inductive Shape Predicates for Runtime Checking and Formal Verification

A Decidable Logic for Tree Data-Structures with Measurements

Contact Info

Product

Resources

About