Advertisement

An Introduction to Software Verification with Whiley

  • David J. Pearce
  • Mark UttingEmail author
  • Lindsay Groves
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11430)

Abstract

This tutorial introduces the basic ideas of software specification and verification, which are important techniques for assuring the quality of software and eliminating common kinds of errors such as buffer overflow. The tutorial takes a practical hands-on approach using the Whiley language and its verifying compiler. This verifying compiler uses an automated proof engine to try to prove that the code will execute without errors and will satisfy its specifications. Each section of the tutorial includes exercises that can be checked using the online Whiley Labs website.

Notes

Acknowledgements

Thanks to all the students and researchers who have contributed to the development of Whiley. The slides used to present this tutorial at SETSS were based on David Pearce’s slides for the SWEN224 (Software Correctness) course at Victoria University of Wellington, 2015-2016. Thanks to the students of those classes for their feedback and comments. Thanks to Professor Zhiming LIU for organising SETSS 2018.

References

  1. 1.
    European Space Agency: Ariane 5: Flight 501 failure. Report by the Enquiry Board (1996)Google Scholar
  2. 2.
    Babić, D., Hu, A.J.: Exploiting shared structure in software verification conditions. In: Yorav, K. (ed.) HVC 2007. LNCS, vol. 4899, pp. 169–184. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-77966-7_15CrossRefGoogle Scholar
  3. 3.
    Babić, D., Hu, A.J.: Structural abstraction of software verification conditions. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 366–378. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-73368-3_41CrossRefzbMATHGoogle Scholar
  4. 4.
    Back, R.J.R., von Wright, J.: Refinement Calculus: A Systematic Approach. Graduate Texts in Computer Science. Springer, New York (1998).  https://doi.org/10.1007/978-1-4612-1674-2CrossRefzbMATHGoogle Scholar
  5. 5.
    Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: a modular reusable verifier for object-oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006).  https://doi.org/10.1007/11804192_17CrossRefGoogle Scholar
  6. 6.
    Barnett, M., Fähndrich, M., Leino, K.R.M., Müller, P., Schulte, W., Venter, H.: Specification and verification: the Spec# experience. Commun. ACM 54(6), 81–91 (2011)CrossRefGoogle Scholar
  7. 7.
    Barnett, M., DeLine, R., Fähndrich, M., Leino, K.R.M., Schulte, W.: Verification of object-oriented programs with invariants. J. Object Technol. 3(6), 27–56 (2004)CrossRefGoogle Scholar
  8. 8.
    Barnett, M., Leino, K.R.M.: Weakest-precondition of unstructured programs. In: Proceedings of the Workshop on Program Analysis for Software Tools and Engineering (PASTE), pp. 82–87. ACM Press (2005)Google Scholar
  9. 9.
    Burdy, L., Requet, A., Lanet, J.-L.: Java applet correctness: a developer-oriented approach. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 422–439. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45236-2_24CrossRefGoogle Scholar
  10. 10.
    Carvalho, M., DeMott, J., Ford, R., Wheeler, D.: Heartbleed 101. IEEE Secur. Priv. 12(4), 63–67 (2014)CrossRefGoogle Scholar
  11. 11.
    Cataño, N., Huisman, M.: Formal specification and static checking of gemplus’ electronic purse using ESC/Java. In: Eriksson, L.-H., Lindsay, P.A. (eds.) FME 2002. LNCS, vol. 2391, pp. 272–289. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45614-7_16CrossRefzbMATHGoogle Scholar
  12. 12.
    Chalin, P., Rioux, F.: JML runtime assertion checking: improved error reporting and efficiency using strong validity. In: Cuellar, J., Maibaum, T., Sere, K. (eds.) FM 2008. LNCS, vol. 5014, pp. 246–261. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68237-0_18CrossRefGoogle Scholar
  13. 13.
    Chandra, S., Fink, S.J., Sridharan, M.: Snugglebug: a powerful approach to weakest preconditions. In: Proceedings of the ACM conference on Programming Language Design and Implementation (PLDI), pp. 363–374. ACM Press (2009)Google Scholar
  14. 14.
    Charette, R.: This car runs on code. IEEE Spectr. 46, 3 (2009)CrossRefGoogle Scholar
  15. 15.
    Charette, R.N.: Why software fails. IEEE Spect. 42(9), 42–49 (2005)CrossRefGoogle Scholar
  16. 16.
    Cohen, E., et al.: VCC: a practical system for verifying concurrent C. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 23–42. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03359-9_2CrossRefGoogle Scholar
  17. 17.
    Cok, D.R.: OpenJML: JML for Java 7 by extending OpenJDK. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 472–479. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20398-5_35CrossRefGoogle Scholar
  18. 18.
    Cok, D.R.: OpenJML: Software verification for Java 7 using JML, OpenJDK, and eclipse. In: Proceedings of the Workshop on Formal Integrated Development Environment (F-IDE), vol. 149, pp. 79–92 (2014)CrossRefGoogle Scholar
  19. 19.
    Cytron, R., Ferrante, J., Rosen, B., Wegman, M., Zadeck, F.K.: An efficient method of computing static single assignment form. In: Proceedings of the ACM symposium on the Principles Of Programming Languages (POPL), pp. 25–35 (1989)Google Scholar
  20. 20.
    Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Program. Lang. Syst. 13(4), 451–490 (1991)CrossRefGoogle Scholar
  21. 21.
    Denney, E., Fischer, B.: Explaining verification conditions. In: Meseguer, J., Roşu, G. (eds.) AMAST 2008. LNCS, vol. 5140, pp. 145–159. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-79980-1_12CrossRefGoogle Scholar
  22. 22.
    Detlefs, D., Nelson, G., Saxe, J.B.: Simplify: a theorem prover for program checking. J. ACM 52(3), 365–473 (2005)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Detlefs, D.L., Leino, K.R.M., Nelson, G., Saxe, J.B.: Extended static checking. SRC Research Report 159, Compaq Systems Research Center (1998)Google Scholar
  24. 24.
    Dijkstra, E.W.: Guarded commands, nondeterminancy and formal derivation of programs. Commun. ACM 18, 453–457 (1975)CrossRefGoogle Scholar
  25. 25.
    Durumeric, Z., et al.: The matter of heartbleed. In: Proceedings of Internet Measurement Conference (IMC), pp. 475–488. ACM Press (2014)Google Scholar
  26. 26.
    Fähndrich, M., Leino, K.R.M.: Declaring and checking non-null types in an object-oriented language. In: Proceedings of the ACM conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), pp. 302–312. ACM Press (2003)Google Scholar
  27. 27.
    Filliâtre, J.-C., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 173–177. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-73368-3_21CrossRefGoogle Scholar
  28. 28.
    Flanagan, C., Leino, K., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: Proceedings of the ACM conference on Programming Language Design and Implementation (PLDI), pp. 234–245 (2002)Google Scholar
  29. 29.
    Flanagan, C., Saxe, J.B.: Avoiding exponential explosion: generating compact verification conditions. In: Proceedings of the ACM symposium on the Principles Of Programming Languages (POPL), pp. 193–205. ACM Press (2001)Google Scholar
  30. 30.
    Floyd, R.W.: Assigning meaning to programs. In: Proceedings of Symposia in Applied Mathematics, vol. 19, pp. 19–31. American Mathematical Society (1967)Google Scholar
  31. 31.
    Frade, M.J., Pinto, J.S.: Verification conditions for source-level imperative programs. Comput. Sci. Rev. 5(3), 252–277 (2011)CrossRefGoogle Scholar
  32. 32.
    Software problem led to system failure at dhahran, saudi arabia, gao report #b-247094 (1992)Google Scholar
  33. 33.
    Grigore, R., Charles, J., Fairmichael, F., Kiniry, J.: Strongest postcondition of unstructured programs. In: Proceedings of the Workshop on Formal Techniques for Java-like Programs (FTFJP), pp. 6:1–6:7. ACM Press (2009)Google Scholar
  34. 34.
    Hoare, C.A.R.: An axiomatic basis for computer programming. CACM 12, 576–580 (1969)CrossRefGoogle Scholar
  35. 35.
    Holzmann, G.J.: Out of bounds. IEEE Softw. 32(6), 24–26 (2015)MathSciNetCrossRefGoogle Scholar
  36. 36.
    Huisman, M., Klebanov, V., Monahan, R.: Verifythis verification competition 2012 - organizer’s report (2013)Google Scholar
  37. 37.
    Jacobs, B.: Weakest pre-condition reasoning for Java programs with JML annotations. J. Log. Algebr. Program. 58(1–2), 61–88 (2004)CrossRefGoogle Scholar
  38. 38.
    Kassios, I.T.: Dynamic frames: support for framing, dependencies and sharing without restrictions. In: Misra, J., Nipkow, T., Sekerinski, E. (eds.) FM 2006. LNCS, vol. 4085, pp. 268–283. Springer, Heidelberg (2006).  https://doi.org/10.1007/11813040_19CrossRefGoogle Scholar
  39. 39.
    Klebanov, V., et al.: The 1st verified software competition: experience report. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 154–168. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-21437-0_14CrossRefGoogle Scholar
  40. 40.
    Ko, A.J., Dosono, B., Duriseti, N.: Thirty years of software problems in the news. In: Proceedings of the 7th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2014, Hyderabad, India, 2–3 June 2014. ACM Press (2014)Google Scholar
  41. 41.
    Leavens, G.T., Cheon, Y., Clifton, C., Ruby, C., Cok, D.R.: How the design of JML accommodates both runtime assertion checking and formal verification. Sci. Comput. Program. 55(1–3), 185–208 (2005)MathSciNetCrossRefGoogle Scholar
  42. 42.
    Leino, K.R.M.: Efficient weakest preconditions. Inf. Process. Lett. 93(6), 281–288 (2005)MathSciNetCrossRefGoogle Scholar
  43. 43.
    Rustan, K., Leino, M.: Developing verified programs with Dafny. In: Joshi, R., Müller, P., Podelski, A. (eds.) VSTTE 2012. LNCS, vol. 7152, p. 82. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-27705-4_7CrossRefGoogle Scholar
  44. 44.
    Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR 2010. LNCS (LNAI), vol. 6355, pp. 348–370. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17511-4_20CrossRefzbMATHGoogle Scholar
  45. 45.
    Leino, K.R.M., Müller, P.: Using the Spec# language, methodology, and tools to write bug-free programs. In: Müller, P. (ed.) LASER 2007–2008. LNCS, vol. 6029, pp. 91–139. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13010-6_4CrossRefGoogle Scholar
  46. 46.
    Leino, K.R.M., Monahan, R.: Dafny meets the verification benchmarks challenge. In: Leavens, G.T., O’Hearn, P., Rajamani, S.K. (eds.) VSTTE 2010. LNCS, vol. 6217, pp. 112–126. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15057-9_8CrossRefGoogle Scholar
  47. 47.
    Leveson, N., Turner, C.: An investigation of the Therac-25 accidents. IEEE Comput. 26(7), 18–41 (1993)CrossRefGoogle Scholar
  48. 48.
    Morgan, C.: Programming from Specifications, 2nd edn. Prentice Hall, Upper Saddle River (1994)zbMATHGoogle Scholar
  49. 49.
    de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78800-3_24CrossRefGoogle Scholar
  50. 50.
    Pearce, D.J.: Integer range analysis for Whiley on embedded systems. In: Proceedings of the IEEE/IFIP Workshop on Software Technologies for Future Embedded and Ubiquitous Systems, pp. 26–33 (2015)Google Scholar
  51. 51.
    Pearce, D.J.: The Whiley Language Specification (Updated, 2016)Google Scholar
  52. 52.
    Pearce, D.J., Groves, L.: Whiley: a platform for research in software verification. In: Erwig, M., Paige, R.F., Van Wyk, E. (eds.) SLE 2013. LNCS, vol. 8225, pp. 238–248. Springer, Cham (2013).  https://doi.org/10.1007/978-3-319-02654-1_13CrossRefGoogle Scholar
  53. 53.
    Rahman, H.A., Beznosov, K., Martí, J.R.: Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports. Int. J. Crit. Infrastruct. 5(3), 220–244 (2009)CrossRefGoogle Scholar
  54. 54.
    Sánchez, J., Leavens, G.T.: Static verification of PtolemyRely programs using OpenJML. In: Proceedings of the Workshop on Foundations of Aspect-Oriented Languages (FOAL), pp. 13–18. ACM Press (2014)Google Scholar
  55. 55.
    Steinberg, J.: Massive internet security vulnerability - here’s what you need to do (2014). https://www.forbes.com/sites/josephsteinberg/2014/04/10/massive-internet-security-vulnerability-you-are-at-risk-what-you-need-to-do. Accessed 12 Jan 2019
  56. 56.
    Stevens, M.: Demonstrating Whiley on an embedded system. Technical report, School of Engineering and Computer Science, Victoria University of Wellington (2014). http://www.ecs.vuw.ac.nz/~djp/files/MattStevensENGR489.pdf
  57. 57.
    Weng, M.H., Pfahringer, B., Utting, M.: Static techniques for reducing memory usage in the C implementation of Whiley programs. In: Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2017, pp. 15:1–15:8. ACM, New York (2017).  https://doi.org/10.1145/3014812.3014827
  58. 58.
    White, D., Roschelle, A., Peterson, P., Schlissel, D., Biewald, B., Steinhurst, W.: The 2003 blackout: solutions that won’t cost a fortune. Electr. J. 16(9), 43–53 (2003)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Victoria University of WellingtonWellingtonNew Zealand
  2. 2.University of the Sunshine CoastSunshine CoastAustralia

Personalised recommendations