Semantics-based generation of verification conditions via program specialization

We present a method for automatically generating verification conditions for a class of imperative programs and safety properties. Our method is parametric with respect to the semantics of the imperative programming language, as it generates the verification conditions by specializing, using unfold/...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Science of computer programming Ročník 147; s. 78 - 108
Hlavní autoři: De Angelis, E., Fioravanti, F., Pettorossi, A., Proietti, M.
Médium: Journal Article
Jazyk:angličtina
Vydáno: Elsevier B.V 01.11.2017
Témata:
Horn clauses
Program specialization
Program verification
Semantics of programming languages
Software model checking
Software model checking
Semantics of programming languages
Horn clauses
Program verification
Program specialization
ISSN:0167-6423, 1872-7964
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:We present a method for automatically generating verification conditions for a class of imperative programs and safety properties. Our method is parametric with respect to the semantics of the imperative programming language, as it generates the verification conditions by specializing, using unfold/fold transformation rules, a Horn clause interpreter that encodes that semantics. We define a multi-step operational semantics for a fragment of the C language and compare the verification conditions obtained by using this semantics with those obtained by using a more traditional small-step semantics. The flexibility of the approach is further demonstrated by showing that it is possible to easily take into account alternative operational semantics definitions for modeling additional language features. We have proved that the verification condition generation takes a number of transformation steps that is linear with respect to the size of the imperative program to be verified. Also the size of the verification conditions is linear with respect to the size of the imperative program. Besides the theoretical computational complexity analysis, we also provide an experimental evaluation of the method by generating verification conditions using the multi-step and the small-step semantics for a few hundreds of programs taken from various publicly available benchmarks, and by checking the satisfiability of these verification conditions by using state-of-the-art Horn clause solvers. These experiments show that automated verification of programs from a formal definition of the operational semantics is indeed feasible in practice.
ISSN:0167-6423
1872-7964
DOI:10.1016/j.scico.2016.11.002