Computational Verification of Network Programs in Coq [chapter]

Gordon Stewart
2013 Lecture Notes in Computer Science
We report on the design of the first fully automatic, machine-checked tool suite for verification of high-level network programs. The tool suite targets programs written in NetCore, a new declarative network programming language. Our work builds on a recent effort by Guha, Reitblatt, and Foster to build a machine-verified compiler from NetCore to OpenFlow, a new protocol for software-defined networking.

∃y, progInterp pg x y ∧ (predInterp Q y) = true. This Hoare triple states that there exists a y for which progInterp pg x y holds, and such that predInterp Q y evaluates to true. In what follows, we will use the notation |-r [P] pg [Q] to denote reachability specifications of this form. Adapting the weakest precondition calculus of Section 3 to reachability specifications is reasonably straightforward. For example, here are the weakest precondition rules for Restrict, Par, and Seq.

    Fixpoint wp' (pg: prog) (R: pred) :=
      match pg with
      (* · · · *)
      | Restrict pg' cond => cond 'AND' wp' pg' R
doi:10.1007/978-3-319-03545-1_3 fatcat:qwo3wy6uajaxfi3i2xwkyl7hjy