Top

Formal Methods in System Design

Published in:

06-04-2016

The spirit of ghost code

Authors: Jean-Christophe Filliâtre, Léon Gondelman, Andrei Paskevich

Published in: Formal Methods in System Design | Issue 3/2016

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In the context of deductive program verification, ghost code is a part of the program that is added for the purpose of specification. Ghost code must not interfere with regular code, in the sense that it can be erased without observable difference in the program outcome. In particular, ghost data cannot participate in regular computations and ghost code cannot mutate regular data or diverge. The idea exists in the folklore since the early notion of auxiliary variables and is implemented in many state-of-the-art program verification tools. However, ghost code deserves rigorous definition and treatment, and few formalizations exist. In this article, we describe a simple ML-style programming language with mutable state and ghost code. Non-interference is ensured by a type system with effects, which allows, notably, the same data types and functions to be used in both regular and ghost code. We define the procedure of ghost code erasure and we prove its safety using bisimulation. A similar type system, with numerous extensions which we briefly discuss, is implemented in the program verification environment Why3.

previous article 2014 CAV award announcement

next article SMT-based model checking for recursive programs

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

For the sake of readability, we slightly relax the constraints of the A-normal form and accept arbitrary terms in the reference assignment.

Why3 is freely available from http://why3.lri.fr/.

http://toccata.lri.fr/gallery/ghost.en.html.

Leino KRM (2010) Dafny: an automatic program verifier for functional correctness. In: LPAR-16. Lecture Notes in Computer Science, vol 6355. Springer, pp 348–370

Cohen E, Dahlweid M, Hillebrand M, Leinenbach D, Moskal M, Santen T, Schulte W, Tobies S (2009) VCC: a practical system for verifying concurrent C. In: Theorem proving in higher order logics (TPHOLs). Lecture Notes in Computer Science, vol 5674. Springer

Jacobs B, Piessens F (2008) The VeriFast program verifier. CW Reports CW520. Department of Computer Science, K.U.Leuven

Filliâtre JC, Paskevich A (2013) Why3: where programs meet provers. In: Felleisen M, Gardner P (eds) Proceedings of the 22nd European symposium on programming. Lecture Notes in Computer Science, vol 7792. Springer, pp 125–128

Hatcliff J, Leavens GT, Leino KRM, Müller P, Parkinson M (2009) Behavioral interface specification languages. Technical report CS-TR-09-01, University of Central Florida, School of EECS A survey paper, Draft

Flanagan C, Sabry A, Duba BF, Felleisen M (1993) The essence of compiling with continuations. SIGPLAN Not 28(6):237–247CrossRef

Wright AK, Felleisen M (1992) A syntactic approach to type soundness. Inf Comput 115:38–94MathSciNetCrossRefMATH

Pierce BC (2002) Types and programming languages. MIT Press, CambridgeMATH

Plotkin GD (1975) Call-by-name, call-by-value and the lambda-calculus. Theory Comput Sci 1(2):125–159MathSciNetCrossRefMATH

10.

Jones CB, Roscoe A, Wood KR (2010) Reflections on the Work of C.A.R. Hoare. 1st edn. Springer Publishing Company, Incorporated

11.

Reynolds JC (1981) The craft of programming. Prentice Hall International Series in Computer SciencePrentice Hall, London

12.

Lucas P (1968) Two constructive realizations of the block concept and their equivalence. Technical Report 25.085. IBM Laboratory, Vienna

13.

Kleymann T (1999) Hoare logic and auxiliary variables. Form Asp Comput 11(5):541–566CrossRefMATH

14.

Zhang Z, Feng X, Fu M, Shao Z, Li Y (2012) A structural approach to prophecy variables. In: Agrawal M, Cooper S, Li A (eds) 9th annual conference on theory and applications of models of computation (TAMC). Lecture Notes in Computer Science, Vol 7287. Springer, Berlin, pp 61–71

15.

Schmaltz S (2013) Towards the pervasive formal verification of multi-core operating systems and hypervisors implemented in C. PhD thesis, Saarland University, Saarbrücken

16.

Leino KRM, Moskal M (2014) Co-induction simply: automatic co-inductive proofs in a program verifier. In: Jones C, Pihlajasaari P, Sun J (eds) FM 2014: formal methods. Lecture Notes in Computer Science, vol 8442, Springer, pp 382–398

17.

Denning DE, Denning PJ (1977) Certification of programs for secure information flow. Commun ACM 20(2):504–513CrossRefMATH

18.

Pottier F, Conchon S (2000) Information flow inference for free. In: Proceedings of the fifth ACM SIGPLAN international conference on functional programming (ICFP’00). Montréal, pp 46–57

19.

Pottier F, Simonet V (2003) Information flow inference for ML. In: ACM Transactions on programming languages and systems. ACM, vol 25(1), pp 117–158

20.

Paulin-Mohring C (1989) Extracting \({F}_{\omega }\)’s programs from proofs in the Calculus of Constructions. In: Sixteenth annual ACM symposium on principles of programming languages. ACM Press, Austin

21.

Paulin-Mohring C (1989) Extraction de programmes dans le Calcul des Constructions. Thèse d’université, Paris 7

22.

Filliâtre JC, Gondelman L, Paskevich A (2014) The spirit of ghost code. In: Biere A, Bloem R (eds) 26th international conference on computer aided verification. Lecture Notes in Computer Science, vol 8859. Springer, Vienna, pp 1–16

Title: The spirit of ghost code
Authors: Jean-Christophe Filliâtre
Léon Gondelman
Andrei Paskevich
Publication date: 06-04-2016
Publisher: Springer US
Published in: Formal Methods in System Design / Issue 3/2016
Print ISSN: 0925-9856
Electronic ISSN: 1572-8102
DOI: https://doi.org/10.1007/s10703-016-0243-x

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Other articles of this Issue 3/2016

SMT-based model checking for recursive programs

Efficient GPU algorithms for parallel decomposition of graphs into strongly connected and maximal end components

An efficient SMT solver for string constraints

From invariant checking to invariant inference using randomized search

A search-based procedure for nonlinear real arithmetic

2014 CAV award announcement

Premium Partner