Using and Building an Automatic Program Verifier

K. Rustan M. LeinoResearch in Software Engineering (RiSE)Microsoft Research, Redmond

Lecture 2Marktoberdorf Summer School 2011Bayrischzell, BY, Germany6 August 2011

Isar and Dafny

lemma name: Pproof

hence Q by sledgehammerhence R by simpthus S by grind

end

Isar and Dafny

lemma name: Pproof

assert Q by sledgehammerassert R by simpassert S by grind

end

Isar and Dafny

ghost method name()ensures P

{assert Q by sledgehammerassert R by simpassert S by grind

}

Isar and Dafny

ghost method name()ensures P

{assert Q by dafnyassert R by dafnyassert S by dafny

}

Isar and Dafny

ghost method name()ensures P;

{assert Q;assert R;assert S;

}

Ghost variables, ghost code

FindZero continued

demo

Object structures

List

demo

Exercises

Listhttp://rise4fun.com/Dafny/MbH

RockBandhttp://rise4fun.com/Dafny/wjD

Links

Dafnyresearch.microsoft.com/dafny

rise4funrise4fun.com

Verification Cornerresearch.microsoft.com/verificationcorner