DOI: 10.1145/2491956.2491978

Verifying higher-order programs with the dijkstra monad

Published: 16 June 2013

Abstract

Modern programming languages, ranging from Haskell and ML to JavaScript, C# and Java, all make extensive use of higher-order state. This paper advocates a new verification methodology for higher-order stateful programs, based on a new monad of predicate transformers called the Dijkstra monad.
Using the Dijkstra monad has a number of benefits. First, the monad naturally yields a weakest pre-condition calculus. Second, the computed specifications are structurally simpler in several ways, e.g., single-state post-conditions are sufficient (rather than the more complex two-state post-conditions). Finally, the monad can easily be varied to handle features like exceptions and heap invariants, while retaining the same type inference algorithm.
We implement the Dijkstra monad and its type inference algorithm for the F* programming language. Our most extensive case study evaluates the Dijkstra monad and its F* implementation by using it to verify JavaScript programs.
Specifically, we describe a tool chain that translates programs in a subset of JavaScript, decorated with assertions and loop invariants, to F*. Once in F*, our type inference algorithm computes verification conditions and automatically discharges their proofs using an SMT solver. We use our tools to prove that a core model of the JavaScript runtime in F* respects various invariants and that a suite of JavaScript source programs is free of runtime errors.
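The abstract describes a computation as a predicate transformer: hand it a post-condition on the result and the final state, and it returns the weakest pre-condition on the initial state. The following Python sketch is an added illustration of that idea and is not code from the paper or from F*. It models the heap as a dictionary that may hold closures (so stored functions are verified by the same `bind`), keeps post-conditions single-state as the abstract notes, and turns an `assert` into a proof obligation inside the computed WP. Because no SMT solver is available offline, `failing_states` stands in for Z3 by evaluating the WP over a list of candidate initial states that the example constructs itself; the names `ret`, `bind`, `read`, `write`, `assert_`, `seq` and the sample program are all this example's own.

```python
"""
A toy Dijkstra monad: computations represented directly as predicate
transformers over a mutable heap.  Added example; not the paper's F* code.
"""
from typing import Any, Callable, Dict, List

State = Dict[str, Any]
Post = Callable[[Any, State], bool]   # single-state post-condition on (result, final heap)
Pre = Callable[[State], bool]         # predicate on the initial heap
DST = Callable[[Post], Pre]           # a computation IS its weakest-pre-condition transformer


def ret(x: Any) -> DST:
    """wp (return x) post = post x s; the heap is unchanged."""
    return lambda post: lambda s: post(x, s)


def bind(m: DST, f: Callable[[Any], DST]) -> DST:
    """wp (bind m f) post = wp m (fun x s1 -> wp (f x) post s1).
    The continuation f may itself come out of the heap (higher-order state)."""
    return lambda post: m(lambda x, s1: f(x)(post)(s1))


def read(loc: str) -> DST:
    """Reading demands that loc is allocated; the result is its contents."""
    return lambda post: lambda s: loc in s and post(s[loc], s)


def write(loc: str, v: Any) -> DST:
    """Writing produces an updated heap (copied, so the WP stays pure) and unit."""
    return lambda post: lambda s: post(None, {**s, loc: v})


def assert_(cond: Callable[[State], bool]) -> DST:
    """wp (assert c) post = c s and post () s: the assertion becomes an obligation."""
    return lambda post: lambda s: cond(s) and post(None, s)


def seq(*ms: DST) -> DST:
    """Sequence computations, discarding intermediate results."""
    acc = ms[0]
    for m in ms[1:]:
        acc = bind(acc, lambda _, m=m: m)
    return acc


def wp(m: DST, post: Post) -> Pre:
    """The weakest pre-condition of m with respect to post."""
    return m(post)


def failing_states(m: DST, post: Post, initial: List[State]) -> List[State]:
    """Stand-in for the SMT check: initial heaps on which the WP is false.
    An empty list means every candidate heap satisfies the computed WP."""
    pre = wp(m, post)
    return [s for s in initial if not pre(s)]


# --- sample program (constructed for this example) -------------------------
def incr(loc: str) -> DST:
    """Increment the integer stored at loc."""
    return bind(read(loc), lambda v: write(loc, v + 1))


# Store the closure `incr` in the heap at "bump", fetch and call it twice,
# then assert that the counter now exceeds 1.  The stored function is read
# back and applied through the same `bind`, which is the higher-order-state
# case the paper is about.
prog: DST = seq(
    write("bump", incr),
    bind(read("bump"), lambda f: f("x")),
    bind(read("bump"), lambda f: f("x")),
    bind(read("x"), lambda v: assert_(lambda s: v > 1)),
)

# Single-state post-condition: it mentions only the final heap.
post_x_at_least_two: Post = lambda _result, s: s["x"] >= 2

if __name__ == "__main__":
    candidates = [{"x": 0}, {"x": 5}, {"x": -1}, {}]
    print("heaps violating the WP:", failing_states(prog, post_x_at_least_two, candidates))
```

Reading the result: an initial heap with `x = -1` fails because the assertion `v > 1` is false after two increments, and the empty heap fails because `read("x")` requires the location to exist; both obligations surfaced purely from the computed pre-condition, without running the program.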



Published In

PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2013, 546 pages
ISBN: 9781450320146
DOI: 10.1145/2491956

Also published in ACM SIGPLAN Notices, Volume 48, Issue 6 (PLDI '13), June 2013, 515 pages
ISSN: 0362-1340, EISSN: 1558-1160
DOI: 10.1145/2499370
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. dynamic languages
  2. hoare monad
  3. predicate transformer
  4. refinement types

Qualifiers

  • Research-article

Conference

PLDI '13

Acceptance Rates

PLDI '13 paper acceptance rate: 46 of 267 submissions (17%)
Overall acceptance rate: 406 of 2,067 submissions (20%)

Article Metrics

  • Downloads (Last 12 months)71
  • Downloads (Last 6 weeks)11
Reflects downloads up to 20 Feb 2025

Cited By

  • Program Logics à la Carte. Proceedings of the ACM on Programming Languages 9(POPL): 300-331, 9 January 2025. DOI: 10.1145/3704847
  • Higher-Order Model Checking of Effect-Handling Programs with Answer-Type Modification. Proceedings of the ACM on Programming Languages 8(OOPSLA2): 2662-2691, 8 October 2024. DOI: 10.1145/3689805
  • A HAT Trick: Automatically Verifying Representation Invariants using Symbolic Finite Automata. Proceedings of the ACM on Programming Languages 8(PLDI): 1387-1411, 20 June 2024. DOI: 10.1145/3656433
  • Bridging the Gap: Automated Analysis of Sancus. 2024 IEEE 37th Computer Security Foundations Symposium (CSF), pages 233-248, 8 July 2024. DOI: 10.1109/CSF61375.2024.00023
  • Succinct Ordering and Aggregation Constraints in Algebraic Array Theories. Journal of Logical and Algebraic Methods in Programming, article 100978, May 2024. DOI: 10.1016/j.jlamp.2024.100978
  • On algebraic array theories. Journal of Logical and Algebraic Methods in Programming 136, article 100906, January 2024. DOI: 10.1016/j.jlamp.2023.100906
  • Dependently-Typed Programming with Logical Equality Reflection. Proceedings of the ACM on Programming Languages 7(ICFP): 649-685, 31 August 2023. DOI: 10.1145/3607852
  • Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 2083-2097, 15 November 2023. DOI: 10.1145/3576915.3616602
  • Identifying Overly Restrictive Matching Patterns in SMT-based Program Verifiers (Extended Version). Formal Aspects of Computing 35(2): 1-27, 24 June 2023. DOI: 10.1145/3571748
  • Specification-guided component-based synthesis from effectful libraries. Proceedings of the ACM on Programming Languages 6(OOPSLA2): 616-645, 31 October 2022. DOI: 10.1145/3563310
