"I verify, therefore I am consistent!"
hob. 1. The block in the center of a wheel, from which the spokes radiate, and through which the axle passes; -- called also hub or hob.
Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
The goal of the Hob project is to verify sophisticated properties of programs that manipulate complex, heterogenous data structures.
News
- UROP position available
- We have ported the complete Water benchmark to our system (1500 lines), and it successfully executes. We have annotated the code with typestate properties, and have verified those properties; we continue to add new properties.
Overview
Our technique enables the verification of data structure consistency constraints by applying multiple analyses to different modules in the same program. In our approach, each module encapsulates one or more data structures and uses membership in abstract sets to characterize how objects participate in data structures. Each analysis verifies that the implementation of the module 1) preserves important internal data structure consistency properties and 2) correctly implements an interface that uses formulas in a set algebra to characterize the effects of operations on the encapsulated data structures. Collectively, the analyses use the set algebra to 1) characterize how objects participate in multiple data structures and to 2) enable the inter-analysis communication required to verify properties that depend on multiple modules analyzed by different analyses.
We have implemented our system and deployed three pluggable analyses into it: a flag analysis for modules in which abstract set membership is determined by a flag field in each object, a plugin for modules that encapsulate linked data structures such as lists and trees, and an array plugin in which abstract set membership is determined by membership in an array. Our experimental results indicate that our approach makes it possible to effectively combine multiple analyses to verify properties that involve objects shared by multiple modules, with each analysis analyzing only those modules for which it is appropriate.
Implementation
Our implementation provides an infrastructure with several general components that perform tasks required by all analyses. The implementation language component can parse and type-check implementation sections. It produces an abstract syntax tree and methods that allow analyses to conveniently access this representation. Similarly, the specification component can parse and type check specification sections and provides access to the resulting abstract syntax tree. Large parts of abstraction sections are expressed in a language that is specific to each analysis. The abstraction section component parses those parts of the abstraction section syntax that are common to all analyses and uses uninterpreted strings to pass along the analysis-specific parts. Finally, the implementation provides a driver that processes the program and invokes the appropriate analysis for each module that it encounters. Our implementation consists of approximately 10,000 lines of O'Caml code, to which the flag plugin contributes 2000 lines, the PALE plugin another 700 lines, and the array analysis plugin 1000 lines.
Software
- Analysis Engine and Examples
- Modified version of SableCC needed for Hob
- Subversion Repository
- Boolean Algebra with Presburger Arithmetic
- MONA formula viewer
Papers (see also homepages of project members):
- [ps,
pdf,
bib]
Cross-Cutting Techniques in Program Specification and Analysis (draft). 4th International Conference on Aspect-Oriented Software Development, Chicago, IL. March 14-18, 2005.
(Explains scope and default constructs for avoiding specification accumulation problem.) - [ps,
pdf,
bib]
Generalized Typestate Checking for Data Structure Consistency.
6th International Conference on Verification, Model Checking and Abstract Interpretation
(VMCAI 2005),
Paris, France. January 17-19, 2005.
(Explains the typestate plugin and its role in the rest of the system.) - [ps,
pdf,
bib]
Combining Theorem Proving with Static Analysis for Data Structure Consistency. 2nd International Workshop on Software Verification and Validation (SVV 2004). Seattle, WA. November 8, 2004.
(Explains the use of Isabelle plugin for verifying array-based set implementations.) - [ps,
pdf,
bib]
Generalized Typestate Checking Using Set Interfaces and Pluggable Analyses. SIGPLAN Notices,
Volume 39, Issue 3 (March 2004), pages 46-55.
(Explains how set interfaces can be viewed as a generalization of typestate.) - [ps,
pdf]
On Our Experience with Modular Pluggable Analyses. MIT CSAIL Technical Report 965.
(Presents the system and reviews some of the results obtained using the tool so far.) - [ps,
pdf,
bib]
On Modular Pluggable Analyses Using Set Interfaces.
MIT CSAIL Technical Report 933.
(One of the earlier proposals for the analysis, including the basic idea and correctness argument.) - [ps,
pdf]
Enabling Modular Consistency Checking for Linked Data Structures.
(Describes the PALE plugin in the context of our system.)
Presentations
- Patrick Lam, Viktor Kuncak and Martin Rinard. IBM Programming Languages Day, 2004: Modular Pluggable Analysis.
- Patrick Lam. Québec Programming Languages Seminaire, Fall 2004: The Hob System for Verifying Data Structure Consistency Properties [sxi].
People
- Patrick Lam
- Viktor Kuncak
- Karen Zee
- Thomas Wies
- Martin Rinard
Last modified by plam, on Thu Oct 28 14:13:04 EDT 2004.
