Skip to main content
SpringerLink
Log in

Counterexamples from Proof Failures in SPARK

  • Conference paper
  • First Online:
Software Engineering and Formal Methods (SEFM 2016)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9763))

Included in the following conference series:

Abstract

A major issue in the activity of deductive program verification is the understanding of the reason why a proof fails. To help the user understand the problem and decide what needs to be fixed in the code or the specification, it is essential to provide means to investigate such a failure. We present our approach for the design and the implementation of counterexample generation within the SPARK 2014 environment, exhibiting values for the variables of the program where a given part of the specification fails to be validated. To produce a counterexample, we exploit the ability of SMT solvers to propose, when a proof of a formula is not found, a counter-model. Turning such a counter-model into a counterexample for the initial program is not trivial because of the many transformations leading from a given code and specification to a verification condition.

Work partly supported by the Joint Laboratory ProofInUse (ANR-13-LAB3-0007, http://www.spark-2014.org/proofinuse) of the French national research organization.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Barnes, J.: Programming in Ada 2012. Cambridge University Press, Cambridge (2014)

    Book  Google Scholar 

  2. Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  3. Barrett, C., Stump, A., Tinelli, C.: The SMT-LIB standard: version 2.0. In: 8th International Workshop on Satisfiability Modulo Theories (2010)

    Google Scholar 

  4. Blanchette, J.C., Nipkow, T.: Nitpick: a counterexample generator for higher-order logic based on a relational model finder. In: Kaufmann, M., Paulson, L.C. (eds.) ITP 2010. LNCS, vol. 6172, pp. 131–146. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  5. Bobot, F., Conchon, S., Contejean, E., Iguernelala, M., Lescuyer, S., Mebsout, A.: The Alt-Ergo automated theorem prover (2008). http://alt-ergo.lri.fr/

  6. Bobot, F., Filliâtre, J.C., Marché, C., Paskevich, A.: Why3: Shepherd your herd of provers. In: International Workshop on Intermediate Verification Languages, Wrocław, Poland, pp. 53–64 (2011)

    Google Scholar 

  7. Bobot, F., Filliâtre, J.C., Marché, C., Paskevich, A.: Let’s verify this with Why3. Int. J. Softw. Tools Technol. Transfer 17(6), 709–727 (2015)

    Article  Google Scholar 

  8. Chapman, R., Schanda, F.: Are we there yet? 20 years of industrial theorem proving with SPARK. In: Klein, G., Gamboa, R. (eds.) ITP 2014. LNCS, vol. 8558, pp. 17–26. Springer, Heidelberg (2014)

    Google Scholar 

  9. Christakis, M., Leino, K.R.M., Müller, P., Wüstholz, V.: Integrated environment for diagnosing verification errors. In: Chechik, M., Raskin, J.-F. (eds.) TACAS 2016. LNCS, vol. 9636, pp. 424–441. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49674-9_25

    Chapter  Google Scholar 

  10. Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: a practical system for verifying concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  11. Cok, D.R.: Improved usability and performance of SMT solvers for debugging specifications. Int. J. Softw. Tools Technol. Transf. 12(6), 467–481 (2010)

    Article  Google Scholar 

  12. Cok, D.R.: OpenJML: Software verification for Java 7 using JML, OpenJDK, and Eclipse. In: Formal Integrated Development Environments (2014). Elec. Proc. Theor. Comput. Sci. 149, 79–92 (2014)

    Google Scholar 

  13. Filliâtre, J.-C., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 173–177. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Filliâtre, J.-C., Paskevich, A.: Why3 — where programs meet provers. In: Felleisen, M., Gardner, P. (eds.) ESOP 2013. LNCS, vol. 7792, pp. 125–128. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  15. Groce, A., Kroning, D., Lerda, F.: Understanding counterexamples with explain. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 453–456. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  16. Hauzar, D., Marché, C., Moy, Y.: Counterexamples from proof failures in the SPARK program verifier. Research Report 8854, Inria (2016). https://hal.inria.fr/hal-01271174

  17. Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: VeriFast: a powerful, sound, predictable, fast verifier for C and Java. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 41–55. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  18. Le Goues, C., Leino, K.R.M., Moskal, M.: The boogie verification debugger (tool paper). In: Barthe, G., Pardo, A., Schneider, G. (eds.) SEFM 2011. LNCS, vol. 7041, pp. 407–414. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  19. Leino, K.R.M., Millstein, T., Saxe, J.B.: Generating error traces from verification-condition counterexamples. Sci. Comput. Program. 55(1–3), 209–226 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  20. Leino, K.R.M., Wüstholz, V.: The Dafny integrated development environment. In: Formal Integrated Development Environments (2014). Elec. Proc. Theor. Comput. Sci. 149, 3–15 (2014)

    Google Scholar 

  21. McCormick, J.W., Chapin, P.C.: Building High Integrity Applications with SPARK. Cambridge University Press, Cambridge (2015)

    Book  MATH  Google Scholar 

  22. de Moura, L., Bjørner, N.S.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  23. Müller, P., Ruskiewicz, J.N.: Using debuggers to understand failed verification attempts. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 73–87. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  24. Petiot, G., Kosmatov, N., Botella, B., Giorgetti, A., Julliand, J.: Your proof fails? testing helps to find the reason (2015). http://arxiv.org/abs/1508.01691

  25. Schanda, F., Brain, M.: Using answer set programming in the development of verified software. In: Technical Communications of the 28th International Conference on Logic Programming. LIPIcs, vol. 17, pp. 72–85. Leibniz-Zentrum fuer Informatik (2012)

    Google Scholar 

  26. Torlak, E., Jackson, D.: Kodkod: a relational model finder. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 632–647. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Acknowledgements

We would like to thank David Cok, Clément Fumex, Rustan Leino, Andrei Paskevich, Florian Schanda, as well as the anonymous reviewers for their useful comments. We are pleased that a reviewer specifically agreed with us on “the suggested improvement to SMT solvers regarding hard and soft limits” and another confirmed that “the insights discussed as future work are very interesting”.

Author information

Authors and Affiliations

  1. Inria, Université Paris-Saclay, 91893, Palaiseau, France

    David Hauzar & Claude Marché

  2. LRI, CNRS & Univ. Paris-Sud, 91405, Orsay, France

    David Hauzar & Claude Marché

  3. AdaCore, 75009, Paris, France

    David Hauzar & Yannick Moy

Authors
  1. David Hauzar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Claude Marché
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yannick Moy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Claude Marché .

Editor information

Editors and Affiliations

  1. IMT - School for Advanced Studies, Lucca, Italy

    Rocco De Nicola

  2. Institute of Computer Languages, TU Wien, Wien, Austria

    Eva Kühn

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Hauzar, D., Marché, C., Moy, Y. (2016). Counterexamples from Proof Failures in SPARK. In: De Nicola, R., Kühn, E. (eds) Software Engineering and Formal Methods. SEFM 2016. Lecture Notes in Computer Science(), vol 9763. Springer, Cham. https://doi.org/10.1007/978-3-319-41591-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-41591-8_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-41590-1

  • Online ISBN: 978-3-319-41591-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation