From Z3 to Lean, Efficient Verification

Similar documents
A heuristic method for formally verifying real inequalities

Leonardo de Moura and Nikolaj Bjorner Microsoft Research

Network Verification Solvers, Symmetries, Surgeries. Nikolaj Bjørner

Integration of SMT Solvers with ITPs There and Back Again

Ruzica Piskac Yale University

Deductive Program Verification with Why3, Past and Future

DPLL(Γ+T): a new style of reasoning for program checking

Software Model Checking

Dynamic Software Model Checking

mathlib: Lean s mathematical library

The Lean Theorem Prover (system description)

Introduction: Software Testing and Quality Assurance

Provably Correct Software

Lost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015

Towards Lean 4: Sebastian Ullrich 1, Leonardo de Moura 2.

VS 3 : SMT Solvers for Program Verification

Correctness of specifications. Correctness. Correctness of specifications (2) Example of a Correctness Proof. Testing versus Correctness Proofs

Formal Methods in Mathematics and the Lean Theorem Prover

Chapter 3 (part 3) Describing Syntax and Semantics

BOOGIE. Presentation by Itsik Hefez A MODULAR REUSABLE VERIFIER FOR OBJECT-ORIENTED PROGRAMS MICROSOFT RESEARCH

Isabelle/HOL:Selected Features and Recent Improvements

Formal Methods at Scale in Microsoft

Semantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics

Satisfiability Modulo Bit-precise Theories for Program Exploration

Main Goal. Language-independent program verification framework. Derive program properties from operational semantics

From Event-B Models to Dafny Code Contracts

A CRASH COURSE IN SEMANTICS

Formally Certified Satisfiability Solving

The Formal Semantics of Programming Languages An Introduction. Glynn Winskel. The MIT Press Cambridge, Massachusetts London, England

Lectures 20, 21: Axiomatic Semantics

Symbolic and Concolic Execution of Programs

Symbolic Execution, Dynamic Analysis

Adam Chlipala University of California, Berkeley ICFP 2006

Building Program Verifiers from Compilers and Theorem Provers

Automated Software Testing

Congruence Closure in Intensional Type Theory

Program Verification. Aarti Gupta

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Towards certification of TLA + proof obligations with SMT solvers

Tree Interpolation in Vampire

The Prototype Verification System PVS

Cover Page. The handle holds various files of this Leiden University dissertation

Chapter 3. Describing Syntax and Semantics ISBN

Deductive Program Verification with Why3

An Annotated Language

Chapter 3. Describing Syntax and Semantics

6. Hoare Logic and Weakest Preconditions

Why. an intermediate language for deductive program verification

Basic Verification Strategy

Numerical Computations and Formal Methods

FreePascal changes: user documentation

An Extensible Programming Language for Verified Systems Software. Adam Chlipala MIT CSAIL WG 2.16 meeting, 2012

Functional Programming in Coq. Nate Foster Spring 2018

argo-lib: A Generic Platform for Decision Procedures

Software Security: Vulnerability Analysis

Ranking Templates for Linear Loops

Chapter 1. Introduction

Testing & Symbolic Execution

Automatic Verification of Computer Programs

Programming Languages Third Edition

Reasoning about programs

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise

Viper A Verification Infrastructure for Permission-Based Reasoning

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Automatic Software Verification

Theorem Proving in Lean

Logik für Informatiker Logic for computer scientists

Verification Conditions. Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany

λ calculus is inconsistent

Static program checking and verification

Matching Logic. Grigore Rosu University of Illinois at Urbana-Champaign

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Lecture 10 Design by Contract

K and Matching Logic

Andrew Reynolds Liana Hadarean

Formal Verification of MIX Programs

Predicate Refinement Heuristics in Program Verification with CEGAR

Verification Condition Generation via Theorem Proving

Vale: Verifying High-Performance Cryptographic Assembly Code

Formal Verification! Prof. Leon Osterweil! Computer Science 520/620! Spring 2012!

Chapter 3. Describing Syntax and Semantics ISBN

Chapter 3. Describing Syntax and Semantics

Software Verification of Safety-Critical Aerospace Systems1

Hyperkernel: Push-Button Verification of an OS Kernel

Program Verification using Templates over Predicate Abstraction. Saurabh Srivastava and Sumit Gulwani

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

Verification Condition Generation

On the correctness of template metaprograms

The SMT-LIB 2 Standard: Overview and Proposed New Theories

Runtime Checking for Program Verification Systems

Combining Static and Dynamic Contract Checking for Curry

Proving the Correctness of Distributed Algorithms using TLA

Why3 where programs meet provers

From Hoare Logic to Matching Logic Reachability. Grigore Rosu and Andrei Stefanescu University of Illinois, USA

Goal. Overflow Checking in Firefox. Sixgill. Sixgill (cont) Verifier Design Questions. Sixgill: Properties 4/8/2010

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Integrating verification in programming languages

Theory and Algorithms for the Generation and Validation of Speculative Loop Optimizations

CS 161 Computer Security

Automated Theorem Proving: DPLL and Simplex

Transcription:

From Z3 to Lean, Efficient Verification Turing Gateway to Mathematics, 19 July 2017 Leonardo de Moura, Microsoft Research

Joint work with Nikolaj Bjorner and Christoph Wintersteiger

Satisfiability Solution/Model unsat, Proof Is execution path P feasible? Is assertion X violated? SAGE Is Formula F Satisfiable?

Symbolic Reasoning Engine Test Case Generation Verifying Compilers Invariant Generation Model Based Testing Type Checking Model Checking

Some Applications at Microsoft SAGE HAVOC Vigilante

Impact Used by many research groups Awards: The most influential tool paper in the first 20 years of TACAS (> 3500 citations) Programming Languages Software Award from ACM SIGPLAN Ships with many popular systems Isabelle, Pex, SAGE, SLAM/SDV, Visual Studio, Solved more than 5 billion constraints created by SAGE when checking Win8/Office

Logic is the calculus of computer science (Z. Manna)

Logic is the calculus of computer science (Z. Manna) Yes, we cannot solve arbitrary problems from the complexity ladder, but

Logic is the calculus of computer science (Z. Manna) We can try to solve the problems we find in real applications

Security is critical Security bugs can be very expensive Cost of each MS security bulletin: $millions Cost due to worms: $billions Most security exploits are initiated via files or packets Ex: Internet browsers parse dozens of file formats Security testing: hunting million dollar bugs

Directed Automated Random Testing SAGE (one of the most successful Z3 applications) developed by Patrice Godefroid

Software verification Specifications Methods contracts Invariants Field and type annotations Program logic: Dijkstra s weakest precondition Verification condition generation

Software verification & automated provers Easy to use for simple properties Main problems: Scalability issues Proof stability in many verification projects: Hyper-V Ironclad & Ironfleet (https://github.com/microsoft/ironclad) Everest (https://project-everest.github.io/)

joint work with Jeremy Avigad, Mario Carneiro, Floris van Doorn, Gabriel Ebner, Johannes Hölzl, Rob Lewis, Jared Roesch, Daniel Selsam and Sebastian Ullrich

Lean aims to bridge the gap between interactive and automated theorem proving

Lean New open source theorem prover (and programming language) Soonho Kong and I started coding in the Fall of 2013 Platform for Software verification Formalized Mathematics Domain specific languages de Bruijn s principle: small trusted kernel Dependent Type Theory Partial constructions: automation fills the "holes"

Inductive Families

Recursive equations

Proofs

Metaprogramming Introduced in Lean 3 (mid 2016) Extend Lean using Lean Access Lean internals using Lean Type inference Unifier Simplifier Decision procedures Type class resolution Proof/Program synthesis

Metaprogramming

Reflecting expressions

2200 lines of code Superposition prover

dlist

transfer tactic Developed by Johannes Hölzl (approx. 200 lines of code) Q We also use it to transfer results from nat to int.

Lean to Z3 Goal: translate a Lean local context, and goal into Z3 query. Recognize fragment and translate to low-order logic (LOL). Logic supports some higher order features, is successively lowered to FOL, finally Z3. Lean LOL Z3 lemma n_gt_0 (a : nat) : a >= 0 := by z3 decl n : int {n >= 0} assert (not (n >= 0)) (declare-const n Int) (assert (>= n 0)) (assert (not (>= n 0))

simple expression language

Writing your own search strategies

simple expression language

Conclusion SMT solvers (like Z3) are very successful in bug finding tools Scalability and proof stability issues Lean aims to bring the best of automated and interactive systems Users can create their on automation, extend and customize Lean Domain specific automation Internal data structures and procedures are exposed to users Whitebox automation

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback