\( \require{color} \definecolor{kvcol}{RGB}{203,23,206} \definecolor{tycol}{RGB}{5,177,93} \definecolor{refcol}{RGB}{18,110,213} \newcommand{\quals}{\mathbb{Q}} \newcommand{\defeq}{\ \doteq\ } \newcommand{\subty}{\preceq} \newcommand{\True}{\mathit{True}} \newcommand{\Int}{\mathtt{Int}} \newcommand{\Nat}{\mathtt{Nat}} \newcommand{\Zero}{\mathtt{Zero}} \newcommand{\foo}[4]{{#1}^{#4} + {#2}^{#4} = {#3}^{#4}} \newcommand{\reft}[3]{\{\bindx{#1}{#2} \mid {#3}\}} \newcommand{\ereft}[3]{\bindx{#1}{\{#2 \mid #3\}}} \newcommand{\bindx}[2]{{#1}\!:\!{#2}} \newcommand{\reftx}[2]{\{{#1}\mid{#2}\}} \newcommand{\inferrule}[3][]{\frac{#2}{#3}\;{#1}} \newcommand{\kvar}[1]{\color{kvcol}{\mathbf{\kappa_{#1}}}} \newcommand{\llen}[1]{\mathtt{llen}(#1)} \)

Algorithmic Verification



Goal


Automatically Proving Properties of Programs

Algorithmic Verification

A Classic Example

Verify: indices i, min are within bounds of arr

A Classic Example

Easy, use Program Logic + Analysis

Program Logic

Specification Predicates eg. invariants, pre-/post-conditions
Verification Conditions checked by SMT solver

Program Logic


Specification Predicates eg. invariants, pre-/post-conditions
Verification Conditions checked by SMT solver


No invariants? Inference via Analysis...

Program Analysis


Invariants are Fixpoints of Reachable States


Computable via Dataflow Analysis or Abstract Interpretation


Logic + Analysis


Specification Predicates, eg. invariants, pre-/post-conditions
Verification Conditions checked by SMT solver
Inference Fixpoint over abstract domain


But ... limited to "classical" programs!

"Classical" vs. "Modern" Programs

"Classical" Programs


Imperative

Assignments, Branches, Loops


First-Order Functions

Recursion


Objects

Classes, Inheritance*

"Modern" Programs

Containers

Arrays, Lists, HashMaps,...


Polymorphism

Generics, Typeclasses...


Higher Order Functions

Callbacks, map, reduce, filter,...

A "Modern" Example

Verify indices i, min are within bounds of arr

A "Modern" Example

Pose vexing challenges for Logic + Analysis

Logic + Analysis Challenges

  • How to analyze unbounded contents of arr?
  • How to summarize reduce independent of callback?
  • How to precisely reuse summary at each context ?

Logic + Analysis + Types

Logic + Analysis + Types

Refinement Types


Use Types to lift Logic + Analysis to Modern Programs


Specification Types + Predicates
Verification Subtyping + Verification Conditions
Inference Type Inference + Abstract Interpretation



[continue]

Refinement Types



Plan



[continue...]