Section: New Results

Deductive Verification

  • J.-C. Filliâtre, L. Gondelman, and A. Paskevich have formalized the notion of ghost code implemented in Why3, in a paper The Spirit of Ghost Code [35] presented at CAV 2014. This is an outcome of L. Gondelman's M2 internship (spring/summer 2013).

  • M. Clochard published at the POPL conference a paper presenting work done during an internship at Rice University (Houston, TX, USA) with S. Chaudhuri and A. Solar-Lezama [29]. It is a new technique for parameter synthesis under boolean and quantitative objectives. The input to the technique is a “sketch” (a program with missing numerical parameters) and a probabilistic assumption about the program's inputs. The goal is to automatically synthesize values for the parameters such that the resulting program satisfies: (1) a boolean specification, which states that the program must meet certain assertions, and (2) a quantitative specification, which assigns a real-valued rating to every program and which the synthesizer is expected to optimize.

  • J.-C. Filliâtre, C. Marché, and A. Paskevich, together with F. Bobot (CEA LIST), took part in the VerifyThis program verification competition, held at the 18th FM symposium in August 2012. They used Why3 to solve three challenges (available at http://fm2012.verifythis.org/challenges/ ), and their solutions have been published in a special issue of the journal Software Tools for Technology Transfer [16].

  • M. Clochard developed, using Why3, verified implementations of several data structures, including random-access lists and ordered maps. These are derived from a common parametric implementation of self-balancing binary trees in the style of Adelson-Velskii and Landis trees (so-called AVLs). This work appeared at the VSTTE conference [30]. Its originality lies in the genericity of the specifications and the code, and in the very high level of proof automation. Such a case study is aimed at illustrating the capabilities of Why3 for designing certified libraries. The development is available from our gallery at http://toccata.lri.fr/gallery/avl.fr.html .

  • S. Conchon and A. Mebsout have extended the core algorithm of the Cubicle model checker with a mechanism for inferring invariants. This new algorithm, called BRAB, is able to automatically infer invariants strong enough to prove industrial cache coherence protocols. BRAB computes over-approximations of backward reachable states that are checked to be unreachable in a finite instance of the system. These approximations (candidate invariants) are then model-checked together with the original safety properties. Completeness of the approach is ensured by a mechanism for backtracking on spurious traces introduced by too coarse approximations. Details can be found in A. Mebsout's PhD thesis [15] .

  • A. Charguéraud extended his tool CFML to support, in addition to the verification of the full functional correctness of a piece of code, the verification of the asymptotic complexity of the code. Even though it had been previously established that, in theory, amortized analysis can be explained as the manipulation of time credits, and that time credits can be encoded as resources in Separation Logic, CFML is the first practical tool to support the formal verification of amortized analyses for arbitrarily complex pieces of code. The time-credit extension to CFML was put into practice to verify dynamic arrays (Julien Grangier's internship), and to verify a chunked sequence data structure [26], which is particularly challenging due to its use of Tarjan's data-structural bootstrapping technique. The latter piece of work was presented in July at the workshop Semantics of proofs and certified mathematics, which took place at the Institut Henri Poincaré. A paper describing the time-credit extension to CFML is under preparation.
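As an added illustration of the two ideas above (ghost state as in the Why3 ghost-code work, and time credits as in the CFML extension), the following Python model tracks a credit bank alongside a doubling dynamic array. It is not code from CFML, Why3 or any of the cited papers; the cost model (one unit per write, one per element copied) and the policy of charging three credits per push are assumptions chosen for the example.

```python
"""Time-credit accounting for a doubling dynamic array (added example).

The `credits` and `actual_cost` fields are ghost state: they never influence
the array's behaviour, they only record the accounting that a time-credit
proof would carry out. The invariant `credits >= 0` is what such a proof
maintains, and it shows that charging 3 credits per push covers the real cost.
"""


class DynArray:
    CREDITS_PER_PUSH = 3  # amortized price charged to the caller (assumption)

    def __init__(self):
        self.cap = 1
        self.data = [None] * self.cap
        self.size = 0
        self.credits = 0       # ghost: credits currently in the bank
        self.actual_cost = 0   # ghost: work actually performed so far

    def _spend(self, units):
        """Pay `units` of real work out of the credit bank."""
        self.credits -= units
        self.actual_cost += units
        assert self.credits >= 0, "time credits exhausted: amortized bound violated"

    def push(self, x):
        self.credits += self.CREDITS_PER_PUSH  # caller deposits the amortized price
        if self.size == self.cap:
            # Resize: copying each existing element costs one unit, paid from
            # the credits saved by the pushes since the previous resize.
            new = [None] * (2 * self.cap)
            for i in range(self.size):
                new[i] = self.data[i]
                self._spend(1)
            self.data, self.cap = new, 2 * self.cap
        self.data[self.size] = x
        self.size += 1
        self._spend(1)  # the write itself


def run(n):
    """Push n elements; return (real cost, credits left, final capacity)."""
    a = DynArray()
    for i in range(n):
        a.push(i)
    assert a.actual_cost + a.credits == n * DynArray.CREDITS_PER_PUSH
    return a.actual_cost, a.credits, a.cap
```

With 9 pushes the array resizes four times (copying 1+2+4+8 elements), so the real cost is 24 units against 27 credits deposited, and the bank never goes negative.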