Akash Lal, Stefano Tonetta (Eds.)

Verified Software: Theories, Tools and Experiments
14th International Conference, VSTTE 2022
Trento, Italy, October 17–18, 2022
Revised Selected Papers

Lecture Notes in Computer Science 13800

Founding Editors
Gerhard Goos, Karlsruhe Institute of Technology, Karlsruhe, Germany
Juris Hartmanis, Cornell University, Ithaca, NY, USA

Editorial Board Members
Elisa Bertino, Purdue University, West Lafayette, IN, USA
Wen Gao, Peking University, Beijing, China
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Moti Yung, Columbia University, New York, NY, USA

More information about this series at https://link.springer.com/bookseries/558

Editors
Akash Lal, Microsoft Research, Karnataka, India
Stefano Tonetta, Fondazione Bruno Kessler, Trento, Italy

ISSN 0302-9743, ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-031-25802-2, ISBN 978-3-031-25803-9 (eBook)
https://doi.org/10.1007/978-3-031-25803-9

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2023

Chapter "A Formal Semantics for P-Code" is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/). For further details see license information in the chapter.

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG.
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

This volume contains the contributed papers presented at VSTTE 2022, the 14th Working Conference on Verified Software: Theories, Tools and Experiments, held on October 17–18, 2022 in Trento, Italy. The working conference was co-located with the 22nd International Conference on Formal Methods in Computer-Aided Design (FMCAD 2022). The Verified Software Initiative (VSI), spearheaded by Tony Hoare and Jayadev Misra, is an ambitious research program for making large-scale verified software a practical reality. VSTTE is the main forum for advancing the initiative. VSTTE brings together experts spanning the spectrum of software verification in order to foster international collaboration on the critical research challenges.

There were 20 submissions to VSTTE 2022, with authors from 14 countries.
The Program Committee consisted of 27 distinguished computer scientists from all over the world. Each submission was reviewed by at least three Program Committee members in a single-blind mode. In order to ensure that topic-specific expert reviews were obtained, help was also sought from five sub-reviewers. After a comprehensive discussion on the strengths and weaknesses of papers, the committee decided to accept nine papers. The technical program also included two invited talks by Aws Albarghouthi (University of Wisconsin, Madison, USA) and Cezara Drăgoi (Amazon, France), as well as an invited tutorial by Sanjit Seshia (University of California, Berkeley, USA) that was held jointly with FMCAD 2022.

We greatly acknowledge the help of the FMCAD 2022 Organizing Committee as well as Natarajan Shankar with all logistical matters in running VSTTE 2022. We are also thankful to EasyChair for providing an easy and efficient mechanism for submission of papers, management of reviews, and eventually the generation of this volume.

December 2022
Supratik Chakraborty
Akash Lal
Stefano Tonetta

Organization

General Chair
Supratik Chakraborty, IIT Bombay, India

Program Chairs
Akash Lal, Microsoft Research, India
Stefano Tonetta, FBK, Italy

Program Committee
Christel Baier, TU Dresden, Germany
Nikolaj Bjorner, Microsoft Research, USA
Roderick Bloem, Graz University of Technology, Austria
Borzoo Bonakdarpour, Michigan State University, USA
Supratik Chakraborty, IIT Bombay, India
Chih-Hong Cheng, Fraunhofer IKS, Germany
Grigory Fedyukovich, Florida State University, USA
Bernd Finkbeiner, CISPA Helmholtz Center for Information Security, Germany
Carlo A. Furia, Università della Svizzera Italiana, Switzerland
Rajeev Joshi, AWS, USA
Zachary Kincaid, Princeton University, USA
Akash Lal, Microsoft Research, India
Thierry Lecomte, ClearSy, France
Sergio Mover, Ecole Polytechnique, France
Kartik Nagar, IIT Madras, India
Aina Niemetz, Stanford University, USA
Gennaro Parlato, University of Molise, Italy
Kristin Yvonne Rozier, Iowa State University, USA
Natarajan Shankar, SRI International, USA
Stefano Tonetta, FBK, Italy
Elena Troubitsyna, KTH, Sweden
Hiroshi Unno, University of Tsukuba, Japan
Jyothi Vedurada, IIT Hyderabad, India
Yakir Vizel, Technion - Israel Institute of Technology, Israel
Yuepeng Wang, Simon Fraser University, Canada
Chao Wang, University of Southern California, USA
Kirsten Winter, University of Queensland, Australia

Additional Reviewers
Hsu, Tzu-Han
Larrauri, Alberto
Lee, Juneyoung
Momtaz, Anik
Passing, Noemi
Wu, Haoze

Contents

Compositional Safety LTL Synthesis, p. 1
Suguman Bansal, Giuseppe De Giacomo, Antonio Di Stasio, Yong Li, Moshe Y. Vardi, and Shufang Zhu

Leroy and Blazy Were Right: Their Memory Model Soundness Proof is Automatable, p. 20
Pedro Barroso, Mário Pereira, and António Ravara

Shellac: A Compiler Synthesizer for Concurrent Programs, p. 33
Christopher K. Chen, Margo I. Seltzer, and Mark R. Greenstreet

A Sequentialization Procedure for Fault-Tolerant Protocols, p. 52
Cezara Drăgoi and Patricio Inzaghi Pronesti

Towards Practical Partial Order Reduction for High-Level Formalisms, p. 72
Philipp Körner and Michael Leuschel

SMT-Based Verification of Persistency Invariants of Px86 Programs, p. 92
Iason Marmanis and Viktor Vafeiadis

A Formal Semantics for P-Code, p. 111
Nico Naus, Freek Verbeek, Dale Walker, and Binoy Ravindran

Separating Separation Logic – Modular Verification of Red-Black Trees, p. 129
Gerhard Schellhorn, Stefan Bodenmüller, Martin Bitterlich, and Wolfgang Reif

Residual Runtime Verification via Reachability Analysis, p. 148
Chukri Soueidi and Yliès Falcone

Author Index, p. 167

Compositional Safety LTL Synthesis

Suguman Bansal (1), Giuseppe De Giacomo (2), Antonio Di Stasio (2), Yong Li (3), Moshe Y. Vardi (4), and Shufang Zhu (2)
1 University of Pennsylvania, Philadelphia, PA, USA
2 Sapienza University of Rome, Rome, Italy, [email protected]
3 SKLCS, Institute of Software, CAS, Beijing, China
4 Rice University, Houston, TX, USA

Abstract.
Reactive synthesis holds the promise of generating automatically a verifiably correct program from a high-level specification. A popular such specification language is Linear Temporal Logic (LTL). Unfortunately, synthesizing programs from general LTL formulas, which relies on first constructing a game arena and then solving the game, does not scale to large instances. The specifications from practical applications are usually large conjunctions of smaller LTL formulas, which inspires existing compositional synthesis approaches to take advantage of this structural information. The main challenge here is that they solve the game only after obtaining the game arena, the most computationally expensive part in the procedure. In this work, we propose a compositional synthesis technique to tackle this difficulty by synthesizing a program for each small conjunct separately and composing them one by one. While this approach does not work for general LTL formulas, we show here that it does work for Safety LTL formulas, a popular and important fragment of LTL. While we have to compose all the programs of small conjuncts in the worst case, we can prune the intermediate programs to make later compositions easier and immediately conclude unrealizable as soon as some part of the specification is found unrealizable. By comparing our compositional approach with a portfolio of all other approaches, we observed that our approach was able to solve a notable number of instances not solved by others. In particular, experiments on scalable conjunctive benchmarks showed that our approach scales well and significantly outperforms current Safety LTL synthesis techniques. We conclude that our compositional approach is an important contribution to the algorithmic portfolio of Safety LTL synthesis.

1 Introduction

Reactive synthesis is the automated construction, from a high-level description of its desired behavior, of a reactive system that continuously interacts with an uncontrollable external environment [7]. By describing a system in terms of what it should do, instead of how it should do it, this declarative paradigm holds the promise of the correct-by-construction philosophy of program design [26, 32]. We believe that reactive synthesis will be a viable way to create verified software. A popular language for specifying properties that systems should satisfy is Linear Temporal Logic (LTL) [25].

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023
A. Lal and S. Tonetta (Eds.): VSTTE 2022, LNCS 13800, pp. 1–19, 2023.
https://doi.org/10.1007/978-3-031-25803-9_1