Intra-Module Inference

MSR-TR-2009-12 |

Computer Aided Verification (CAV '09)

Contract-based property checkers hold the potential for precise, scalable, and incremental reasoning. However, it is difficult to apply such checkers to large program modules because they require programmers to provide detailed contracts, including an interface specification, a module invariant, and internal specifications. We argue that given a suitably rich assertion language, modest effort suffices to document the interface specification and the module invariant. However, the burden of providing internal specifications is still significant and remains a deterrent to the use of contract-based checkers. Therefore, we consider the problem of it intra-module inference, which aims to infer annotations for internal procedures and loops, given the interface specification and the module invariant. We provide simple and scalable techniques to search for a broad class of desired internal annotations, comprising of quantifiers and Boolean connectives, guided by the module specification. We have validated our ideas by building a prototype verifier and using it to verify several properties on Windows device drivers with zero false alarms and small annotation overhead. These drivers are complex; they contain thousands of lines and use dynamic data structures such as linked lists and arrays. Our technique significantly improves the soundness, precision, and coverage of verification of these programs compared to earlier techniques.