Verification Tools in Practice

Testing, Quality Assurance, and MaintenanceWinter 2017

Prof. Arie Gurfinkel

2 22

Turing, 1949 Alan M. Turing. “Checking a large routine”, 1949

3 3

Verification Competition

http://etaps2016.verifythis.org/

4 4

Microsoft Visual Studio Products

Code Contracts• https://marketplace.visualstudio.com/items?itemName=RiSEResearchinSoftw

areEngineering.CodeContractsforNET• https://github.com/Microsoft/CodeContracts

• statically and dynamically checked method pre- and post-conditions

IntelliTest• https://www.visualstudio.com/en-us/docs/test/developer-testing/intellitest-

manual/introduction

• automated test generation by dynamic symbolic execution

5 5

WHY3

http://why3.lri.fr/

6 6

VeriFast

https://people.cs.kuleuven.be/~bart.jacobs/verifast/

7 7

Viper

http://www.pm.inf.ethz.ch/research/viper.html

8 8

Open JML

http://www.openjml.org/

9 9

The KeY Project

https://www.key-project.org/

10 10

http://envisage-project.eu/proving-android-java-and-python-sorting-algorithm-is-broken-and-how-to-fix-it/

11 11

Frama-C

https://frama-c.com/

12 12

SPARKPro

http://www.adacore.com/sparkpro/

13 13

Amazon S2N

https://aws.amazon.com/blogs/security/automated-reasoning-and-amazon-s2n/

14 14

IronClad and InronFleet

https://github.com/Microsoft/Ironclad

15 15

Is Verification Enough

Can verified software fail?

Do we need both testing and verification?