Using the coq theorem prover to verify complex data structure invariants

Abstract

While automated static analysis tools can find many useful software bugs, there are still bugs that are beyond the reach of these tools. Most large software systems have complex data structures with complex invariants, and many bugs can be traced to code that does not maintain these invariants. These invariants cannot be easily inferred by automated tools. One must use an interactive system in which developers first enter these invariants to document their software and then use a theorem prover to verify their correctness.We describe the PEDANTIC framework for verifying the correctness of C-like programs using the Coq theorem prover. PEDANTIC is designed to prove invariants over complex dynamic data structures such as inter-referencing trees and linked lists. The language for the invariants is based on separation logic. The PEDANTIC tactic library has been constructed to allow program verifications to be done with reasonably compact proofs.We have completed the verification of a tree traversal program. We are currently working on the verification of a C implementation of the DPLL algorithm in order to demonstrate the utility of the framework on more complex programs. Verifying programs using an interactive theorem prover is quite tedious. We discuss work being done to improve proof development productivity.