Certifying the synthesis of heap-manipulating programs

Automated deductive program synthesis promises to generate executable programs from concise specifications, along with proofs of correctness that can be independently verified using third-party tools. However, an attempt to exercise this promise using existing proof-certification frameworks reveals significant discrepancies in how proof derivations are structured for two different purposes: program synthesis and program verification. These discrepancies make it difficult to use certified verifiers to validate synthesis results, forcing one to write an ad-hoc translation procedure from synthesis proofs to correctness proofs for each verification backend. In this work, we address this challenge in the context of the synthesis and verification of heap-manipulating programs. We present a technique for principled translation of deductive synthesis derivations (a.k.a. source proofs) into deductive target proofs about the synthesised programs in the logics of interactive program verifiers. We showcase our technique by implementing three different certifiers for programs generated via SuSLik, a Separation Logic-based tool for automated synthesis of programs with pointers, in foundational verification frameworks embedded in Coq: Hoare Type Theory (HTT), Iris, and Verified Software Toolchain (VST), producing concise and efficient machine-checkable proofs for characteristic synthesis benchmarks.

Formal Methods for the Informal Engineer: Workshop Recommendations

Formal Methods for the Informal Engineer (FMIE) was a workshop held at the Broad Institute of MIT and Harvard in 2021 to explore the potential role of verified software in the biomedical software ecosystem. The motivation for organizing FMIE was the recognition that the life sciences and medicine are undergoing a transition from being passive consumers of software and AI/ML technologies to fundamental drivers of new platforms, including those which will need to be mission and safety-critical. Drawing on conversations leading up to and during the workshop, we make five concrete recommendations to help software leaders organically incorporate tools, techniques, and perspectives from formal methods into their project planning and development trajectories.

Verified Software Units

Modularity - the partitioning of software into units of functionality that interact with each other via interfaces - has been the mainstay of software development for half a century. In case of the C language, the main mechanism for modularity is the compilation unit / header file abstraction. This paper complements programmatic modularity for C with modularity idioms for specification and verification in the context of Verifiable C, an expressive separation logic for CompCert . Technical innovations include (i) abstract predicate declarations – existential packages that combine Parkinson & Bierman’s abstract predicates with their client-visible reasoning principles; (ii) residual predicates, which help enforcing data abstraction in callback-rich code; and (iii) an application to pure (Smalltalk-style) objects that connects code verification to model-level reasoning about features such as subtyping, self, inheritance, and late binding. We introduce our techniques using concrete example modules that have all been verified using the Coq proof assistant and combine to fully linked verified programs using a novel, abstraction-respecting component composition rule for Verifiable C.

Defining Theoretical Foundations to Unified Metamodel For Model Reusability

Background: In model-driven development, model transformation transforms one model to another between different phases of software engineering. In model transformation, metamodel plays a vital role which defines the abstract syntax of models and the interrelationship between their elements. A unified metamodel defines an abstract syntax for both source and target models when they share core elements. Theoretical approaches define language and platform independent representation of models in software engineering. This paper investigates the theoretical foundation to this unified meta-modelling for their consistent transformation. Objective: This paper aims to define the formal foundations to the unified metamodel for generating implementation from design specifications and model reusability. Method: In this paper, the study considers transformation from design to implementation and vice versa using theoretical foundations to build a verified software system. Results: The related tools provide a formal representation of the design phase for verification purpose. Our approach provides a set-theoretical foundation to the unified metamodel for model transformation from USE (UML/OCL) to Spec#. In other words, our approach defines the formal foundation to define a model which consists of all the required properties for verification at the design and implementation phase. Conclusion: This paper introduced a new set of the theoretical framework which acts as an interface between the design and implementation to generate verified software systems.

Analysis of Thermal Effects within Cylindrical Shape Solid-State Laser Rod

In this work, a temperature-dependent analytical model was modified to predict the thermal effects of diode laser double–end-pumped cylindrical laser rod under Gaussian pump beam distribution. Heat load and temperature distribution were analyzed using the Kirchhoff integral transform method. Results show that a maximum temperature difference of approximately 69.61 K was obtained on each side face of the laser rod at a maximum power of 40 W (equally divided on each face). The total thermal focal length of approximately 34.64 mm was calculated under the Gaussian pumping profile. The finite element method code incorporated with well-verified software was used to numerically verify the obtained results, where the analytical and numerical results are highly matched. The results reveal that the total thermal focal length produced in a double–end-pumped geometry is two times less than that obtained from a single-end-pumped geometry.

Connecting Higher-Order Separation Logic to a First-Order Outside World

Separation logic is a useful tool for proving the correctness of programs that manipulate memory, especially when the model of memory includes higher-order state: Step-indexing, predicates in the heap, and higher-order ghost state have been used to reason about function pointers, data structure invariants, and complex concurrency patterns. On the other hand, the behavior of system features (e.g., operating systems) and the external world (e.g., communication between components) is usually specified using first-order formalisms. In principle, the soundness theorem of a separation logic is its interface with first-order theorems, but the soundness theorem may implicitly make assumptions about how other components are specified, limiting its use. In this paper, we show how to extend the higher-order separation logic of the Verified Software Toolchain to interface with a first-order verified operating system, in this case CertiKOS, that mediates its interaction with the outside world. The resulting system allows us to prove the correctness of C programs in separation logic based on the semantics of system calls implemented in CertiKOS. It also demonstrates that the combination of interaction trees + CompCert memories serves well as a lingua franca to interface and compose two quite different styles of program verification.