Verification
URI permanente para esta colección:
Artículos en la categoría Verification publicados en las Actas de las XV Jornadas de Programación y Lenguajes (PROLE 2015).
Notificar un error en esta colección
Examinar
Envíos recientes
Resumen Abstract Diagnosis for tccp using a Linear Temporal LogicComini, M.; Titolo, L.; Villanueva, A.. Actas de las XV Jornadas de Programación y Lenguajes (PROLE 2015), 2015-09-15.This extended abstract is a summary of [5], where we provided an automatic decision method to check whether a given property, specified in a linear temporal logic, is valid w.r.t. a tccp program. Our proposal (based on abstract interpretation techniques) does not require to build any model of the program, in constrast with standard verification methods such as model checking. Our results guarantee correctness but, as usual when using an abstract semantics, completeness is lost.Resumen An Assertional Proof of the Stability and Correctness of Natural MergesortRustan M. Leino, K.; Lucio, Paqui. Actas de las XV Jornadas de Programación y Lenguajes (PROLE 2015), 2015-09-15.Natural Mergesort [9] is a sorting algorithm for linear data structures (arrays and lists) that has been widely studied mainly due to its good properties. It has Nlog(N) worst-case complexity and, even in the case of arrays, is slightly easier to code than heapsort. Further, it performs very well on input data that is already mostly sorted. Another good property is stability. A sorting algorithm is stable if it maintains the relative order of records with equal keys. The most obvious application of a stable algorithm is sorting using different (primary, secondary, etc.) keys. Stability is, as we show in lemma EqMultisets, stronger than the property of preserving the multiset of elements (from the input list to the sorted output list). Hence, stability, along with sortedness, implies the correctness of sorting algorithms (including the permutation property). Recently, Sternagel [13] has published an Isabelle/HOL proof of the correctness and stability of natural mergesort as a proof pearl. Sternagel [13], firstly, specifies the algorithm as a functional program and, then, formalizes and proves the desired properties using the proof-assistant Isabelle/HOL. The proof is non-assertional and uses higher-order constructions. Indeed, it is strongly based on two skillful ad-hoc induction schemes. The first one for handling the mutually recursive functions involved in the splitting of the input into ascending sequences. The second induction scheme is related to the merging of the ascending lists. Correctness and stability are deduced from auxiliary lemmas which are proved by means of these induction schemes and with the help of a subtle generalization of the predicate sorted. The definition of that generalization and the induction schemes require the power of higher-order logic. In particular, the stability property is formalized in higher-order logic. More recently, de Gouw et al. [7] discussed a semi-automated formal proof of the correctness and stability of two sorting algorithms on arrays: Counting sort and Radix sort. This proof is formalized using the theorem-prover KeY [2]. The implementation code is written in Java. The specification is written (using the Java Modeling Language, JML) in an extension of first-order logic with permutation predicates, which have recently been added [1] to the KeY system. There are many other formalizations of the natural mergesort algorithm and also of different sorting algorithms (e.g. insertion sort, quicksort, heapsort, radix sort, etc.) in various systems, such as Coq [3], Isabelle/HOL [12], Why3 [6], ACL2 [8], KeY [2], etc. However, to the best of our knowledge, stability is only considered in [13], [7], and in our assertional proof. In this paper, we present an implementation of natural mergesort over an algebraic data type of lists. The code is enriched with its contract-based specification and a proof of its correctness and its stability. Our proof is assertional, i.e. it uses assert statements, inserted in the code, to enable the (fully) automatic verification. The assertions are first-order formulas that explain how and why the program works. The proof is supported by a few definitions that are easy to understand, and a few lemmas that isolate useful properties. Moreover, only non-trivial lemmas have detailed proofs and these are short and easy to read and to understand. Hence, in our opinion, the presented proof is quite clear and elegant. The program-proof is implemented in the state-of-the-art verifier Dafny [10]. The Dafny programming language supports a mixture of imperative, object-oriented programming and functional programming. In this paper, we use mostly functions, methods, and algebraic datatypes. The Dafny specification language includes the usual assertional language for contracts of pre/post conditions, invariants, decreasing expressions for termination proofs, etc. Since Dafny is designed with the main purpose of facilitating the construction of correct code, Dafny notation is compact and easy to understand. For the sake of readability and conciseness, the Dafny proof language includes constructs for structuring proofs such as lemmas and calculational proofs [11]. Dafny automatically generates executable .NET code for verified programs. The presented proof is made on the basis of some lemmas that ensure natural properties. Most of the proofs are inductive and use calculations [11] when appropriate. We believe that our program-proof is a simple and intuitive example of how a practical verification tool can be used by software developers with a minimum of familiarity with contract-based specifications and first-order assertions. We aim to contribute to the spread of the educational use of automatic tools in the development of formally verified software. We are convinced that this kind of example is useful for the introduction of formal software development methods and tools in software engineering courses. To sum up, we present a mechanically verified implementation of the sorting algorithm Natural Mergesort that consists of a few methods specified by their contracts of pre/post conditions. Methods are annotated with assertions that allow the automatic verification of the contract satisfaction. Along the paper we provide and explain the complete text of the program-proof.Artículo A Generic Intermediate Representation for Verification Condition Generation, Work in ProgressMontenegro, Manuel; Peña Marí, Ricardo; Sánchez-Hernández, Jaime. Actas de las XV Jornadas de Programación y Lenguajes (PROLE 2015), 2015-09-15.As part of a platform for computer-assisted verification, we present an intermediate representation of programs that is both language independent and appropriate for the generation of verification conditions. We show how many imperative and functional languages can be translated to this generic internal representation, and how the generated conditions faithfully reflect the semantics of the original program. At this representation level, loop invariants and preconditions of recursive functions belonging to the original program are represented by assertions placed at certain edges of a directed graph. The paper defines the generic representation, sketches the transformation algorithms, and describes how the places where the invariants should be placed are computed. Assuming that, either manually or assisted by the platform, the invariants have been settled, it is shown how the verification conditions are generated. A running example illustrates the process.