Type-directed Bounding of Collections in Reactive Programs
Our aim is to statically verify that in a given reactive program, the length of collection variables does not grow beyond a given bound. We propose a scalable type-based technique that checks that each collection variable has a given refinement type that specifies constraints about its length. A novel feature of our refinement types is that the refinements can refer to AST counters that track how many times an AST node has been executed. This feature enables type refinements to track limited flow-sensitive information. We generate verification conditions that ensure that the AST counters are used consistently, and that the types imply the given bound. The verification conditions are discharged by an off-the-shelf SMT solver. Experimental results demonstrate that our technique is scalable, and effective at verifying reactive programs with respect to requirements on length of collections.
Tue 15 JanDisplayed time zone: Belfast change
14:00 - 15:30
|Type-directed Bounding of Collections in Reactive Programs|
|Exploiting Pointer Analysis in Memory Models for Deductive Verification|
Quentin Bouillaguet , François Bobot CEA, Mihaela Sighireanu IRIF, University Paris Diderot and CNRS, France, Boris Yakobowski CEA - LISTFile Attached
|Small Faults Grow Up - Verification of Error Masking Robustness in Arithmetically Encoded Programs|