Skip to main content

Advertisement

SpringerLink
Account
Menu
Find a journal Publish with us
Search
Cart
Book cover

European Symposium on Programming

ESOP 2021: Programming Languages and Systems pp 118–147Cite as

  1. Home
  2. Programming Languages and Systems
  3. Conference paper
Verified Software Units

Verified Software Units

  • Lennart Beringer  ORCID: orcid.org/0000-0002-1570-34929 
  • Conference paper
  • Open Access
  • First Online: 23 March 2021

  • 3577 Accesses

  • 3 Citations

  • 1 Altmetric

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 12648)

Abstract

Modularity - the partitioning of software into units of functionality that interact with each other via interfaces - has been the mainstay of software development for half a century. In case of the C language, the main mechanism for modularity is the compilation unit / header file abstraction. This paper complements programmatic modularity for C with modularity idioms for specification and verification in the context of Verifiable C, an expressive separation logic for CompCert Clight. Technical innovations include (i) abstract predicate declarations – existential packages that combine Parkinson & Bierman’s abstract predicates with their client-visible reasoning principles; (ii) residual predicates, which help enforcing data abstraction in callback-rich code; and (iii) an application to pure (Smalltalk-style) objects that connects code verification to model-level reasoning about features such as subtyping, self, inheritance, and late binding. We introduce our techniques using concrete example modules that have all been verified using the Coq proof assistant and combine to fully linked verified programs using a novel, abstraction-respecting component composition rule for Verifiable C.

Keywords

  • Verified Software Unit
  • Abstract Predicate Declaration
  • Residual Predicate
  • Positive Subtyping
  • Verified Software Toolchain

Chapter PDF

Download to read the full chapter text

References

  1. Ahmed, A., Appel, A.W., Richards, C.D., Swadi, K.N., Tan, G., Wang, D.C.: Semantic foundations for typed assembly languages. ACM Trans. Program.Lang. Syst. 32(3), 7:1–7:67 (2010), https://doi.org/10.1145/1709093.1709094

  2. Albert, E., Puebla, G., Hermenegildo, M.V.: Abstraction-carrying code. In: Baader and Voronkov [7], pp. 380–397, https://doi.org/10.1007/978-3-540-32275-7_25

  3. Appel, A.W.: Foundational proof-carrying code. In: LICS’01: 16th Annual IEEE Symposium on Logic in Computer Science, Proceedings. pp. 247–256. IEEE Computer Society (2001), https://doi.org/10.1109/LICS.2001.932501

  4. Appel, A.W., Dockins, R., Hobor, A., Beringer, L., Dodds, J., Stewart, G., Blazy, S., Leroy, X.: Program Logics for Certified Compilers. Cambridge (2014)

    Google Scholar 

  5. Appel, A.W., Naumann, D.A.: Verified sequential malloc/free. In: Ding, C., Maas, M. (eds.) ISMM’20: 2020 ACM SIGPLAN International Symposium on Memory Management. pp. 48–59. ACM (2020), https://doi.org/10.1145/3381898.3397211

  6. Aspinall, D., Gilmore, S., Hofmann, M., Sannella, D., Stark, I.: Mobile resource guarantees for smart devices. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J., Muntean, T. (eds.) CASSIS’04: International Workshop on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, Revised Selected Papers. LNCS, vol. 3362, pp. 1–26. Springer (2004), https://doi.org/10.1007/978-3-540-30569-9_1

  7. Baader, F., Voronkov, A. (eds.): LPAR’04: Logic for Programming, Artificial Intelligence, and Reasoning, 11th International Conference, Proceedings, LNCS, vol. 3452. Springer (2005), https://doi.org/10.1007/b106931

  8. Balzer, R.M.: Dataless programming. In: American Federation of Information Processing Societies: Proceedings of the AFIPS ’67 Fall Joint Computer Conference. AFIPS Conference Proceedings, vol. 31, pp. 535–544. AFIPS / ACM / Thomson Book Company, Washington D.C. (1967), https://doi.org/10.1145/1465611.1465683

  9. Balzer, S.: Rumer: A programming language and modular verification technique based on relationships. Ph.D. thesis, ETH Zürich (2011)

    Google Scholar 

  10. Banerjee, A., Naumann, D.A.: Local reasoning for global invariants, part II: dynamic boundaries. J. ACM 60(3), 19:1–19:73 (2013), http://doi.acm.org/10.1145/2485981

  11. Barnett, M., DeLine, R., Fähndrich, M., Leino, K.R.M., Schulte, W.: Verification of object-oriented programs with invariants. Journal of Object Technology 3(6), 27–56 (2004), https://doi.org/10.5381/jot.2004.3.6.a2

  12. Barnett, M., Naumann, D.A.: Friends need a bit more: Maintaining invariants over shared state. In: Kozen, D., Shankland, C. (eds.) Mathematics of Program Construction, 7th International Conference, MPC 2004, Proceedings. LNCS, vol. 3125, pp. 54–84. Springer (2004), https://doi.org/10.1007/978-3-540-27764-4_5

  13. Barthe, G., Crégut, P., Grégoire, B., Jensen, T.P., Pichardie, D.: The MOBIUS proof carrying code infrastructure. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.P. (eds.) FMCO’07: Formal Methods for Components and Objects, 6th International Symposium, Revised Lectures. LNCS, vol. 5382, pp. 1–24. Springer (2007), https://doi.org/10.1007/978-3-540-92188-2_1

  14. Beringer, L.: Verified Software Units – Coq development (2021), https://www.cs.princeton.edu/~eberinge/VSU_Esop21.tar.gz

  15. Beringer, L., Appel, A.W.: Abstraction and subsumption in modular verification of C programs. In: ter Beek, M.H., McIver, A., Oliveira, J.N. (eds.) Formal Methods - The Next 30 Years - Third World Congress, FM 2019, Proceedings. LNCS, vol. 11800, pp. 573–590. Springer (2019), https://doi.org/10.1007/978-3-030-30942-8_34

  16. Beringer, L., Hofmann, M., Momigliano, A., Shkaravska, O.: Automatic certification of heap consumption. In: Baader and Voronkov [7], pp. 347–362, https://doi.org/10.1007/978-3-540-32275-7_23

  17. Besson, F., Jensen, T.P., Pichardie, D.: Proof-carrying code from certified abstract interpretation and fixpoint compression. Theor. Comput. Sci. 364(3), 273–291 (2006), https://doi.org/10.1016/j.tcs.2006.08.012

  18. Bruce, K.B., Cardelli, L., Pierce, B.C.: Comparing object encodings. Inf. Comput. 155(1-2), 108–133 (1999), https://doi.org/10.1006/inco.1999.2829

  19. Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E.: Beyond assertions: Advanced specification and verification with JML and ESC/Java2. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.P. (eds.) Formal Methods for Components and Objects, 4th International Symposium, FMCO 2005, Revised Lectures. LNCS, vol. 4111, pp. 342–363. Springer (2005), https://doi.org/10.1007/11804192_16

  20. Clarke, D., Drossopoulou, S., Noble, J., Wrigstad, T.: Aliasing, confinement, and ownership in object-oriented programming. In: Cebulla, M. (ed.) Object-Oriented Technology. ECOOP 2007 Workshop Reader, Final Reports. LNCS, vol. 4906, pp. 40–49. Springer (2007), https://doi.org/10.1007/978-3-540-78195-0_5

  21. Drossopoulou, S., Damiani, F., Dezani-Ciancaglini, M., Giannini, P.: Fickle : Dynamic object re-classification. In: Knudsen, J.L. (ed.) ECOOP 2001 - Object-Oriented Programming, 15th European Conference, Proceedings. LNCS, vol. 2072, pp. 130–149. Springer (2001), https://doi.org/10.1007/3-540-45337-7_8

  22. Drossopoulou, S., Francalanza, A., Müller, P., Summers, A.J.: A unified framework for verification techniques for object invariants. In: Vitek, J. (ed.) ECOOP 2008 - Object-Oriented Programming, 22nd European Conference, Proceedings. LNCS, vol. 5142, pp. 412–437. Springer (2008), https://doi.org/10.1007/978-3-540-70592-5_18

  23. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Longman Publishing Co., Inc, USA (1995)

    Google Scholar 

  24. Gu, R., Koenig, J., Ramananandro, T., Shao, Z., Wu, X.N., Weng, S., Zhang, H., Guo, Y.: Deep specifications and certified abstraction layers. In: Rajamani, S.K., Walker, D. (eds.) Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2015. pp. 595–608. ACM (2015), https://doi.org/10.1145/2676726.2676975

  25. Gu, R., Shao, Z., Chen, H., Kim, J., Koenig, J., Wu, X.N., Sjöberg, V., Costanzo, D.: Building certified concurrent OS kernels. Commun. ACM 62(10), 89–99 (2019), https://doi.org/10.1145/3356903

  26. Gu, R., Shao, Z., Kim, J., Wu, X.N., Koenig, J., Sjöberg, V., Chen, H., Costanzo, D., Ramananandro, T.: Certified concurrent abstraction layers. In: Foster, J.S., Grossman, D. (eds.) Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018. pp. 646–661. ACM (2018), https://doi.org/10.1145/3192366.3192381

  27. Hamid, N.A., Shao, Z., Trifonov, V., Monnier, S., Ni, Z.: A syntactic approach to foundational proof-carrying code. J. Autom. Reasoning 31(3-4), 191–229 (2003), https://doi.org/10.1023/B:JARS.0000021012.97318.e9

  28. Hawblitzel, C., Howell, J., Kapritsos, M., Lorch, J.R., Parno, B., Roberts, M.L., Setty, S.T.V., Zill, B.: Ironfleet: proving safety and liveness of practical distributed systems. Commun. ACM 60(7), 83–92 (2017), https://doi.org/10.1145/3068608

  29. Hawblitzel, C., Howell, J., Lorch, J.R., Narayan, A., Parno, B., Zhang, D., Zill, B.: Ironclad apps: End-to-end security via automated full-system verification. In: Flinn, J., Levy, H. (eds.) 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI ’14. pp. 165–181. USENIX Association (2014), https://www.usenix.org/conference/osdi14/technical-sessions/presentation/hawblitzel

  30. Hofmann, M., Pierce, B.C.: Positive subtyping. Inf. Comput. 126(1), 11–33 (1996), https://doi.org/10.1006/inco.1996.0031

  31. Honsell, F., Lenisa, M., Redamalla, R.: Coalgebraic semantics and observational equivalences of an imperative class-based OO-language. Electron. Notes Theor. Comput. Sci. 104, 163–180 (2004), https://doi.org/10.1016/j.entcs.2004.08.024

  32. Huisman, M., Jacobs, B.: Inheritance in higher order logic: Modeling and reasoning. In: Theorem Proving in Higher Order Logics. LNCS, vol. 1869, pp. 301–319. Springer (2000)

    Google Scholar 

  33. Jacobs, B.: Objects and classes, co-algebraically. In: Freitag, B., Jones, C.B., Lengauer, C., Schek, H. (eds.) Object Orientation with Parallelism and Persistence. pp. 83–103. Kluwer Academic Publishers (1995)

    Google Scholar 

  34. Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: Verifast: A powerful, sound, predictable, fast verifier for C and java. In: Bobaru, M.G., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NASA Formal Methods - Third International Symposium, NFM 2011. Proceedings. LNCS, vol. 6617, pp. 41–55. Springer (2011), https://doi.org/10.1007/978-3-642-20398-5_4

  35. Jacobs, B., Smans, J., Piessens, F.: Verifying the composite pattern using separation logic. In: Specification and verification of component-based systems – Workshop at ACM SIGSOFT/FSE 16 (2008), available at https://people.cs.kuleuven.be/~bart.jacobs/verifast

  36. Jung, R., Krebbers, R., Jourdan, J.H., Bizjak, A., Birkedal, L., Dreyer, D.: Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28 (2018)

    Google Scholar 

  37. Kay, A.C.: The early history of Smalltalk. In: Lee, J.A.N., Sammet, J.E. (eds.) History of Programming Languages Conference (HOPL-II), Preprints. pp. 69–95. ACM (1993), https://doi.org/10.1145/154766.155364

  38. Kleymann, T.: Hoare logic and auxiliary variables. Formal Asp. Comput. 11(5), 541–566 (1999), https://doi.org/10.1007/s001650050057

  39. Koh, N., Li, Y., Li, Y., Xia, L., Beringer, L., Honoré, W., Mansky, W., Pierce, B.C., Zdancewic, S.: From C to interaction trees: specifying, verifying, and testing a networked server. In: Mahboubi, A., Myreen, M.O. (eds.) Proceedings of the 8th ACM SIGPLAN International Conference on Certified Programs and Proofs, (CPP’19). pp. 234–248. ACM (2019), https://doi.org/10.1145/3293880.3294106

  40. Kravchuk-Kirilyuk, A.Y.: The B\(^{+}\)-tree Index as a Verified Software Unit. Master’s thesis, Department of Computer Science, Princeton University (2020)

    Google Scholar 

  41. Krishnaswami, N.R., Aldrich, J., Birkedal, L., Svendsen, K., Buisse, A.: Design patterns in separation logic. In: Kennedy, A., Ahmed, A. (eds.) Proceedings of TLDI’09: 2009 ACM SIGPLAN International Workshop on Types in Languages Design and Implementation. pp. 105–116. ACM (2009), https://doi.org/10.1145/1481861.1481874

  42. Leavens, G.T., Naumann, D.A.: Behavioral subtyping, specification inheritance, and modular reasoning. ACM Trans. on Programming Languages and Systems 37(4), 13:1–13:88 (2015), https://doi.org/10.1145/2766446

  43. Liskov, B.: Keynote address - data abstraction and hierarchy. SIGPLAN Not. 23(5), 17–34 (Jan 1987), https://doi.org/10.1145/62139.62141

  44. Liskov, B., Wing, J.M.: A behavioral notion of subtyping. ACM Trans. Program. Lang. Syst. 16(6), 1811–1841 (1994), https://doi.org/10.1145/197320.197383

  45. McKinna, J., Burstall, R.M.: Deliverables: A categorial approach to program development in type theory. In: Borzyszkowski, A.M., Sokolowski, S. (eds.) Mathematical Foundations of Computer Science 1993, 18th International Symposium, MFCS’93. Lecture Notes in Computer Science, vol. 711, pp. 32–67. Springer (1993), https://doi.org/10.1007/3-540-57182-5_3

  46. Mitchell, J.C., Plotkin, G.D.: Abstract types have existential type. ACM Trans. on Programming Languages and Systems 10(3), 470–502 (Jul 1988)

    Google Scholar 

  47. Müller, P., Poetzsch-Heffter, A., Leavens, G.T.: Modular invariants for layered object structures. Sci. Comput. Program. 62(3), 253–286 (2006), https://doi.org/10.1016/j.scico.2006.03.001

  48. Naumann, D.A.: Deriving sharp rules of adaptation for Hoare logics. Tech. Rep. 9906, Department of Computer Science, Stevens Institute of Technology (1999)

    Google Scholar 

  49. Necula, G.C.: Proof-carrying code. In: Lee, P., Henglein, F., Jones, N.D. (eds.) Conference Record of POPL’97: The 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. pp. 106–119. ACM Press (1997), https://doi.org/10.1145/263699.263712

  50. Nipkow, T.: Hoare logics for recursive procedures and unbounded nondeterminism. In: Bradfield, J.C. (ed.) Computer Science Logic, 16th International Workshop, CSL 2002, 11th Annual Conference of the EACSL, Proceedings. Lecture Notes in Computer Science, vol. 2471, pp. 103–119. Springer (2002), https://doi.org/10.1007/3-540-45793-3_8

  51. Nistor, L., Aldrich, J., Balzer, S., Mehnert, H.: Object propositions. In: Jones, C.B., Pihlajasaari, P., Sun, J. (eds.) FM 2014: Formal Methods - 19th International Symposium, Singapore, May 12-16, 2014. Proceedings. LNCS, vol. 8442, pp. 497–513. Springer (2014), https://doi.org/10.1007/978-3-319-06410-9_34

  52. Nistor, L., Kurilova, D., Balzer, S., Chung, B., Potanin, A., Aldrich, J.: Wyvern: A simple, typed, and pure object-oriented language. In: Proceedings of the 5th Workshop on MechAnisms for SPEcialization, Generalization and InHerItance. pp. 9–16. MASPEGHI ’13, Association for Computing Machinery, New York, NY, USA (2013), https://doi.org/10.1145/2489828.2489830

  53. O’Hearn, P.W.: Separation logic. Commun. ACM 62(2), 86–95 (2019), https://doi.org/10.1145/3211968

  54. O’Hearn, P.W., Yang, H., Reynolds, J.C.: Separation and information hiding. ACM Trans. Program. Lang. Syst. 31(3), 11:1–11:50 (2009), https://doi.org/10.1145/1498926.1498929.

  55. Parkinson, M.: Class invariants: the end of the road? (2007), contained in [20]. Also available at https://people.dsv.su.se/~tobias/iwaco/p3-parkinson.pdf

  56. Parkinson, M.J., Bierman, G.M.: Separation logic and abstraction. In: Palsberg, J., Abadi, M. (eds.) Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005. pp. 247–258. ACM (2005), https://doi.org/10.1145/1040305.1040326

  57. Parkinson, M.J., Bierman, G.M.: Separation logic, abstraction and inheritance. In: Necula, G.C., Wadler, P. (eds.) Proceedings of the 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2008. pp. 75–86. ACM (2008), https://doi.org/10.1145/1328438.1328451

  58. Pierce, B.C.: Types and Programming Languages. MIT Press, Cambridge, Mass. (2002)

    Google Scholar 

  59. Polikarpova, N., Tschannen, J., Furia, C.A., Meyer, B.: Flexible invariants through semantic collaboration. In: Jones, C.B., Pihlajasaari, P., Sun, J. (eds.) FM 2014: Formal Methods - 19th International Symposium. LNCS, vol. 8442, pp. 514–530. Springer (2014), https://doi.org/10.1007/978-3-319-06410-9_35

  60. Reynolds, J.C.: GEDANKEN - a simple typeless language based on the principle of completeness and the reference concept. Commun. ACM 13(5), 308–319 (1970), https://doi.org/10.1145/362349.362364

  61. Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: 17th IEEE Symposium on Logic in Computer Science (LICS 2002), Proceedings. pp. 55–74. IEEE Computer Society (2002), https://doi.org/10.1109/LICS.2002.1029817

  62. Saini, D., Sunshine, J., Aldrich, J.: A theory of typestate-oriented programming. In: Proceedings of the 12th Workshop on Formal Techniques for Java-Like Programs, FTFJP 2010, Maribor, Slovenia, June 22, 2010. pp. 9:1–9:7. ACM (2010), https://doi.org/10.1145/1924520.1924529

  63. Schreiner, A.T.: Objektorientierte Programmierung mit ANSI-C. Hanser (1994), https://www.cs.rit.edu/~ats

  64. Sjöberg, V., Sang, Y., Weng, S.c., Shao, Z.: DeepSEA: A language for certified system software. Proc. ACM Program. Lang. 3(OOPSLA), 136:1–136:27 (Oct 2019), https://doi.org/10.1145/3360562

  65. Summers, A.J., Drossopoulou, S.: Considerate reasoning and the composite design pattern. In: Barthe, G., Hermenegildo, M.V. (eds.) Verification, Model Checking, and Abstract Interpretation, 11th International Conference, VMCAI 2010, Proceedings. LNCS, vol. 5944, pp. 328–344. Springer (2010), https://doi.org/10.1007/978-3-642-11319-2_24

  66. Summers, A.J., Drossopoulou, S., Müller, P.: The need for flexible object invariants. In: International Workshop on Aliasing, Confinement and Ownership in Object-Oriented Programming (IWACO’09). ACM (2009), https://doi.org/10.1145/1562154.1562160

  67. Vasudevan, A., Chaki, S., Maniatis, P., Jia, L., Datta, A.: überspark: Enforcing verifiable object abstractions for automated compositional security analysis of a hypervisor. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16. pp. 87–104. USENIX Association (2016), https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/vasudevan

  68. Xia, L., Zakowski, Y., He, P., Hur, C., Malecha, G., Pierce, B.C., Zdancewic, S.: Interaction trees: representing recursive and impure programs in Coq. Proc. ACM Program. Lang. 4(POPL), 51:1–51:32 (2020), https://doi.org/10.1145/3371119

Download references

Acknowledgments

This work was funded by the National Science Foundation under the awards 1005849 (Verified High Performance Data Structure Implementations, Beringer) and 1521602 Expedition in Computing: The Science of Deep Specification, Appel). The author is grateful to the members of both projects for their feedback and greatly appreciates the reviewers’ comments and suggestions.

Author information

Authors and Affiliations

  1. Princeton University, Princeton, NJ, 08544, USA

    Lennart Beringer

Authors
  1. Lennart Beringer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lennart Beringer .

Editor information

Editors and Affiliations

  1. Imperial College, London, UK

    Nobuko Yoshida

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and Permissions

Copyright information

© 2021 The Author(s)

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Beringer, L. (2021). Verified Software Units. In: Yoshida, N. (eds) Programming Languages and Systems. ESOP 2021. Lecture Notes in Computer Science(), vol 12648. Springer, Cham. https://doi.org/10.1007/978-3-030-72019-3_5

Download citation

  • .RIS
  • .ENW
  • .BIB

  • DOI: https://doi.org/10.1007/978-3-030-72019-3_5

  • Published: 23 March 2021

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-72018-6

  • Online ISBN: 978-3-030-72019-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

  • The European Joint Conferences on Theory and Practice of Software.

    Published in cooperation with

    http://www.etaps.org/

search

Navigation

  • Find a journal
  • Publish with us

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support

Not affiliated

Springer Nature

© 2023 Springer Nature