SHF: Medium: Collab Research: Synthesizing Verified Analyzers for Critical Software

SHF：媒介：协作研究：为关键软件综合经过验证的分析器

• 批准号: 1900563
• 负责人: David Van Horn
• 金额: $ 59.8万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1900563&HistoricalAwards=false
• 关键词: SHF; Medium; Collab; Research; Synthesizing

The reliability of a complete software system hinges on the reliability of each tool used to construct it. Among these tools are program analyzers which are automated tools for verifying the absence of specific classes of errors such as unsafe memory accesses. While used both for program optimization by compilers, and for eliminating software defects by software developers, program analyzers by themselves are not verified: their reliability is largely assumed and, in current practice, they inhabit a software's trusted computing base. This project develops (a) foundational theories for synthesizing program analyzers directly from their specifications; (b) practical implementations of program analyzers; and (c) rigorous evaluations of both foundational techniques as well as implementations via a mixture of formal methods, software development, and empirical case studies. Underlying these results is the potential for widespread adoption of these tools in practice thus leading to higher reliability of software more generally.The project's techniques and tools will enable the deductive synthesis of sound program analysers in proof assistants in an interactive, mostly-automated style, and using the calculational framework of abstract interpretation with Galois connections. The investigators evaluate this approach by first comparing to existing tools: Fiat, an existing tool for semi-automated deductive synthesis in the theorem prover Coq but which does not support Galois connections, and Constructive Galois Connections, an existing framework for embedding Galois connections in Agda language but which does not support automation. The investigators compare these results with existing on-paper derivations of correct-by-construction program analyzers, as well as existing information flow analyzers which were not derived using the abstract interpretation framework.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

完整软件系统的可靠性取决于构建该系统的每个工具的可靠性。这些工具包括程序分析器，它们是用于验证是否存在特定类别的错误（例如不安全的内存访问）的自动化工具。虽然编译器用于程序优化，软件开发人员用于消除软件缺陷，但程序分析器本身并未经过验证：它们的可靠性很大程度上是假设的，并且在当前实践中，它们驻留在软件的可信计算基础上。该项目开发了（a）直接从其规范综合程序分析器的基础理论； (b) 程序分析器的实际实现； (c) 通过形式方法、软件开发和实证案例研究的结合，对基础技术和实现进行严格评估。这些结果的基础是这些工具在实践中广泛采用的潜力，从而提高软件的可靠性。该项目的技术和工具将使证明助手中的声音程序分析器以交互式、大部分自动化的方式进行演绎综合，并使用带有伽罗瓦连接的抽象解释的计算框架。研究人员首先通过与现有工具进行比较来评估这种方法：Fiat（定理证明器 Coq 中用于半自动演绎综合的现有工具，但不支持伽罗瓦连接）和构造性伽罗瓦连接（Constructive Galois Connections），用于在 Agda 语言中嵌入伽罗瓦连接的现有框架，但不支持自动化。研究人员将这些结果与现有的构造正确程序分析器的纸面推导以及不是使用抽象解释框架导出的现有信息流分析器进行比较。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

ANOSY: approximated knowledge synthesis with refinement types for declassification

ANOSY：具有用于解密的细化类型的近似知识合成

• DOI: 10.1145/3519939.3523725
• 发表时间: 2022
• 期刊: PLDI 2022: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation
• 作者: Guria, Sankha Narayan;Vazou, Niki;Guarnieri, Marco;Parker, James
• 通讯作者: Parker, James

RbSyn: type- and effect-guided program synthesis

RbSyn：类型和效果引导的程序合成

• DOI: 10.1145/3453483.3454048
• 发表时间: 2021
• 期刊: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation
• 作者: Guria, Sankha Narayan;Foster, Jeffrey S.;Van Horn, David
• 通讯作者: Van Horn, David