Proving False in Object-Oriented Verification Programs by Exploiting   Non-Termination

Jaymon Furniss

arXiv:2212.02605·cs.PL·December 7, 2022

Proving False in Object-Oriented Verification Programs by Exploiting Non-Termination

Jaymon Furniss

PDF

Open Access

TL;DR

This paper demonstrates that three popular object-oriented program verifiers can be made unsound by exploiting non-termination and ghost variables, raising concerns about their reliability.

Contribution

It reveals a simple method to cause false proofs in multiple OO verifiers, highlighting potential widespread unsoundness in such tools.

Findings

01

All three verifiers can be tricked into proving false

02

Non-termination can be exploited to break verification soundness

03

The issue may be common across many object-oriented verifiers

Abstract

We looked at three different object-oriented program verifiers: Gobra, KeY, and Dafny. We show that all three can be made to prove false by using a simple trick with ghost variable declaration and non-terminating code. This shows that verifiers for these languages can produce unsound results without much difficulty and that this is possibly common throughout all OO verifiers.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsLogic, programming, and type systems · Software Engineering Research · Formal Methods in Verification