Functional programming offers the perfect ground for building correct-by-construction software. Languages of such paradigm normally feature state-of-the-art type systems, good abstraction mechanisms, and well-defined execution models. We claim that all of these make software written in a functional language excellent targets for formal certification. Yet, somehow surprising, techniques such as deductive verification have been seldom applied to large-scale programs, written in mainstream functional languages. In this paper, we wish to address this situation and present the auto-active proof of realistic OCaml implementations. We choose implementations issued from the OCamlgraph library as our target, since this is both a large-scale and widely-used piece of OCaml code. We use Cameleer, a recently proposed tool for the deductive verification of OCaml programs, to conduct the proofs of the selected case studies. The vast majority of such proofs are completed fully-automatically, using SMT solvers, and when needed we can apply lightweight interactive proof inside the Why3 IDE (Cameleer translates an input program into an equivalent WhyML one, the language of the Why3 verification framework). To the best of our knowledge, these are the first mechanized, mostly-automated proofs of graph algorithms written in OCaml.
翻译:功能性编程为建立按部就班的软件提供了完美的基础。 这种范例的语言通常以最先进的系统、良好的抽象机制和明确界定的执行模式为主。 我们声称所有这些模式都使软件以功能性语言写成,为正式认证提供了极佳的目标。 然而,令人惊讶的是,诸如计算核查等技术很少应用于大型程序,而这种程序则以主流功能语言写成。在本文中,我们希望处理这种情况,提出现实的OCaml执行的自动主动证明。我们选择从OCamlgraph图书馆发出的执行软件作为我们的目标,因为这是一个大规模和广泛使用的OCaml 代码。我们使用Cameleer,这是最近提出的对OCaml 程序进行推算性核查的工具,用来进行选定案例研究的证明。这类证据的绝大多数是完全自动完成的,使用SMT解算解答解答器,必要时,我们可以将较轻的交互证据应用到“为什么3 IDE”(Camleer将一个输入程序翻译成一个相当于为什么ML1, 大部分是自动解算器中我的最佳知识)。