Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable

Pedro Barroso; Mário Pereira; António Ravara

doi:10.1007/978-3-031-25803-9_2

Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable

Pedro Barroso, Mário Pereira, António Ravara

NOVALincs

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Xavier Leroy and Sandrine Blazy in 2007 conducted a formal verification, using the Coq proof assistant, of a memory model for low-level imperative languages such as C. Considering their formalization was performed essentially in first-order logic, one question left open by the authors was whether their proofs could be automated using a verification framework for first-order logic. We took the challenge and automated their formalization using Why3, significantly reducing the proof effort. We systematically followed the Coq proofs and realized that in many cases at around one third of the way Why3 was able to discharge all VCs. Furthermore, the proofs still requiring interactions (e.g. induction, witnesses for existential proofs, assertions) were factorized isolating auxiliary results that we stated explicitly. In this way, we achieved an almost-automatic soundness and safety proof of the memory model. Nonetheless, our development allows an extraction of a correct-by-construction concrete memory model, going thus further than the preliminary Why version of Leroy and Blazy.

Original language	English
Title of host publication	Verified Software. Theories, Tools and Experiments.
Subtitle of host publication	14th International Conference, VSTTE 2022, Trento, Italy, October 17–18, 2022, Revised Selected Papers
Editors	Akash Lal, Stefano Tonetta
Place of Publication	Cham
Publisher	Springer
Pages	20-32
Number of pages	13
ISBN (Electronic)	978-3-031-25803-9
ISBN (Print)	978-3-031-25802-2
DOIs	https://doi.org/10.1007/978-3-031-25803-9_2
Publication status	Published - 1 Feb 2023
Event	14th International Conference on Verified Software. Theories, Tools and Experiments, VSTTE 2022 - Trento, Italy Duration: 17 Oct 2022 → 18 Oct 2022

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	13800
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Verified Software. Theories, Tools and Experiments, VSTTE 2022
Country/Territory	Italy
City	Trento
Period	17/10/22 → 18/10/22

Keywords

C memory model
Formal proof
Theorem proving
Why3

Access to Document

10.1007/978-3-031-25803-9_2

Cite this

Barroso, P., Pereira, M., & Ravara, A. (2023). Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable. In A. Lal, & S. Tonetta (Eds.), Verified Software. Theories, Tools and Experiments.: 14th International Conference, VSTTE 2022, Trento, Italy, October 17–18, 2022, Revised Selected Papers (pp. 20-32). (Lecture Notes in Computer Science; Vol. 13800). Springer. https://doi.org/10.1007/978-3-031-25803-9_2

Barroso, Pedro ; Pereira, Mário ; Ravara, António. / Leroy and Blazy Were Right : Their Memory Model Soundness Proof is Automatable. Verified Software. Theories, Tools and Experiments.: 14th International Conference, VSTTE 2022, Trento, Italy, October 17–18, 2022, Revised Selected Papers. editor / Akash Lal ; Stefano Tonetta. Cham : Springer, 2023. pp. 20-32 (Lecture Notes in Computer Science).

@inproceedings{ece11b0e228643ac937d42cab8bcdfa5,

title = "Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable",

abstract = "Xavier Leroy and Sandrine Blazy in 2007 conducted a formal verification, using the Coq proof assistant, of a memory model for low-level imperative languages such as C. Considering their formalization was performed essentially in first-order logic, one question left open by the authors was whether their proofs could be automated using a verification framework for first-order logic. We took the challenge and automated their formalization using Why3, significantly reducing the proof effort. We systematically followed the Coq proofs and realized that in many cases at around one third of the way Why3 was able to discharge all VCs. Furthermore, the proofs still requiring interactions (e.g. induction, witnesses for existential proofs, assertions) were factorized isolating auxiliary results that we stated explicitly. In this way, we achieved an almost-automatic soundness and safety proof of the memory model. Nonetheless, our development allows an extraction of a correct-by-construction concrete memory model, going thus further than the preliminary Why version of Leroy and Blazy.",

keywords = "C memory model, Formal proof, Theorem proving, Why3",

author = "Pedro Barroso and M{\'a}rio Pereira and Ant{\'o}nio Ravara",

note = "Funding Information: info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/UIDB%2F04516%2F2020/PT# info:eu-repo/grantAgreement/FCT/OE/UI%2FBD%2F151265%2F2021/PT# Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 14th International Conference on Verified Software. Theories, Tools and Experiments, VSTTE 2022 ; Conference date: 17-10-2022 Through 18-10-2022",

year = "2023",

month = feb,

day = "1",

doi = "10.1007/978-3-031-25803-9_2",

language = "English",

isbn = "978-3-031-25802-2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "20--32",

editor = "Akash Lal and Stefano Tonetta",

booktitle = "Verified Software. Theories, Tools and Experiments.",

address = "Netherlands",

}

Barroso, P , Pereira, M & Ravara, A 2023, Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable. in A Lal & S Tonetta (eds), Verified Software. Theories, Tools and Experiments.: 14th International Conference, VSTTE 2022, Trento, Italy, October 17–18, 2022, Revised Selected Papers. Lecture Notes in Computer Science, vol. 13800, Springer, Cham, pp. 20-32, 14th International Conference on Verified Software. Theories, Tools and Experiments, VSTTE 2022, Trento, Italy, 17/10/22. https://doi.org/10.1007/978-3-031-25803-9_2

Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable. / Barroso, Pedro ; Pereira, Mário ; Ravara, António.
Verified Software. Theories, Tools and Experiments.: 14th International Conference, VSTTE 2022, Trento, Italy, October 17–18, 2022, Revised Selected Papers. ed. / Akash Lal; Stefano Tonetta. Cham: Springer, 2023. p. 20-32 (Lecture Notes in Computer Science; Vol. 13800).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Leroy and Blazy Were Right

T2 - 14th International Conference on Verified Software. Theories, Tools and Experiments, VSTTE 2022

AU - Barroso, Pedro

AU - Pereira, Mário

AU - Ravara, António

N1 - Funding Information: info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/UIDB%2F04516%2F2020/PT# info:eu-repo/grantAgreement/FCT/OE/UI%2FBD%2F151265%2F2021/PT# Publisher Copyright: © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2023/2/1

Y1 - 2023/2/1

N2 - Xavier Leroy and Sandrine Blazy in 2007 conducted a formal verification, using the Coq proof assistant, of a memory model for low-level imperative languages such as C. Considering their formalization was performed essentially in first-order logic, one question left open by the authors was whether their proofs could be automated using a verification framework for first-order logic. We took the challenge and automated their formalization using Why3, significantly reducing the proof effort. We systematically followed the Coq proofs and realized that in many cases at around one third of the way Why3 was able to discharge all VCs. Furthermore, the proofs still requiring interactions (e.g. induction, witnesses for existential proofs, assertions) were factorized isolating auxiliary results that we stated explicitly. In this way, we achieved an almost-automatic soundness and safety proof of the memory model. Nonetheless, our development allows an extraction of a correct-by-construction concrete memory model, going thus further than the preliminary Why version of Leroy and Blazy.

AB - Xavier Leroy and Sandrine Blazy in 2007 conducted a formal verification, using the Coq proof assistant, of a memory model for low-level imperative languages such as C. Considering their formalization was performed essentially in first-order logic, one question left open by the authors was whether their proofs could be automated using a verification framework for first-order logic. We took the challenge and automated their formalization using Why3, significantly reducing the proof effort. We systematically followed the Coq proofs and realized that in many cases at around one third of the way Why3 was able to discharge all VCs. Furthermore, the proofs still requiring interactions (e.g. induction, witnesses for existential proofs, assertions) were factorized isolating auxiliary results that we stated explicitly. In this way, we achieved an almost-automatic soundness and safety proof of the memory model. Nonetheless, our development allows an extraction of a correct-by-construction concrete memory model, going thus further than the preliminary Why version of Leroy and Blazy.

KW - C memory model

KW - Formal proof

KW - Theorem proving

KW - Why3

UR - http://www.scopus.com/inward/record.url?scp=85151052410&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-25803-9_2

DO - 10.1007/978-3-031-25803-9_2

M3 - Conference contribution

AN - SCOPUS:85151052410

SN - 978-3-031-25802-2

T3 - Lecture Notes in Computer Science

SP - 20

EP - 32

BT - Verified Software. Theories, Tools and Experiments.

A2 - Lal, Akash

A2 - Tonetta, Stefano

PB - Springer

CY - Cham

Y2 - 17 October 2022 through 18 October 2022

ER -

Barroso P , Pereira M , Ravara A. Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable. In Lal A, Tonetta S, editors, Verified Software. Theories, Tools and Experiments.: 14th International Conference, VSTTE 2022, Trento, Italy, October 17–18, 2022, Revised Selected Papers. Cham: Springer. 2023. p. 20-32. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-25803-9_2