SHF: Medium: Collab Research: Synthesizing Verified Analyzers for Critical Software

SHF：媒介：协作研究：为关键软件综合经过验证的分析器

• 批准号: 1900563
• 负责人: David Van Horn
• 金额: $ 59.8万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1900563&HistoricalAwards=false
• 关键词: SHF; Medium; Collab; Research; Synthesizing

The reliability of a complete software system hinges on the reliability of each tool used to construct it. Among these tools are program analyzers which are automated tools for verifying the absence of specific classes of errors such as unsafe memory accesses. While used both for program optimization by compilers, and for eliminating software defects by software developers, program analyzers by themselves are not verified: their reliability is largely assumed and, in current practice, they inhabit a software's trusted computing base. This project develops (a) foundational theories for synthesizing program analyzers directly from their specifications; (b) practical implementations of program analyzers; and (c) rigorous evaluations of both foundational techniques as well as implementations via a mixture of formal methods, software development, and empirical case studies. Underlying these results is the potential for widespread adoption of these tools in practice thus leading to higher reliability of software more generally.The project's techniques and tools will enable the deductive synthesis of sound program analysers in proof assistants in an interactive, mostly-automated style, and using the calculational framework of abstract interpretation with Galois connections. The investigators evaluate this approach by first comparing to existing tools: Fiat, an existing tool for semi-automated deductive synthesis in the theorem prover Coq but which does not support Galois connections, and Constructive Galois Connections, an existing framework for embedding Galois connections in Agda language but which does not support automation. The investigators compare these results with existing on-paper derivations of correct-by-construction program analyzers, as well as existing information flow analyzers which were not derived using the abstract interpretation framework.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

一个完整的软件系统的可靠性取决于用于构建它的每个工具的可靠性。这些工具中包括程序分析器，它是用于验证是否没有特定类别的错误(如不安全的内存访问)的自动化工具。虽然程序分析器既用于编译器的程序优化，也用于消除软件开发人员的软件缺陷，但程序分析器本身并未得到验证：它们的可靠性在很大程度上是假定的，并且在当前的实践中，它们驻留在软件的可信计算基础上。这个项目开发了(A)直接从程序分析器的规范合成程序分析器的基础理论；(B)程序分析器的实际实现；以及(C)通过形式方法、软件开发和经验案例研究的混合对基本技术和实现的严格评估。这些结果的基础是这些工具在实践中被广泛采用的可能性，从而更普遍地导致软件的更高可靠性。该项目的技术和工具将使证明助手中的声音程序分析器能够以交互的、基本上是自动化的风格进行演绎综合，并使用带有Galois连接的抽象解释的计算框架。研究人员首先通过与现有工具进行比较来评估这种方法：Fiat是定理证明器Coq中用于半自动演绎综合的现有工具，但不支持Galois连接；以及构造Galois连接，它是在AGDA语言中嵌入Galois连接的现有框架，但不支持自动化。调查人员将这些结果与现有的按结构更正程序分析器的书面派生结果，以及不使用抽象解释框架派生的现有信息流分析器进行比较。这一裁决反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

ANOSY: approximated knowledge synthesis with refinement types for declassification

ANOSY：具有用于解密的细化类型的近似知识合成

• DOI: 10.1145/3519939.3523725
• 发表时间: 2022
• 期刊: PLDI 2022: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation
• 作者: Guria, Sankha Narayan;Vazou, Niki;Guarnieri, Marco;Parker, James
• 通讯作者: Parker, James

RbSyn: type- and effect-guided program synthesis

RbSyn：类型和效果引导的程序合成

• DOI: 10.1145/3453483.3454048
• 发表时间: 2021
• 期刊: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation
• 作者: Guria, Sankha Narayan;Foster, Jeffrey S.;Van Horn, David
• 通讯作者: Van Horn, David