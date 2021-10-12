Program Verification for ECMAScript/JavaScript (esverify.org).
Alpha: This is still a research prototype and not yet ready for production use.
A detailed documentation of esverify and its theoretical foundations is currently work-in-progress and will be published soon.
Given a simple JavaScript
max function, we can add pre- and post-conditions
using special pseudo-calls to
requires and
ensures with boolean expressions.
function max(a, b) {
requires(typeof a === "number");
requires(typeof b === "number");
ensures(res => res >= a);
if (a >= b) {
return a;
} else {
return b;
}
}
These expressions will then be statically verified with respect to the function body with an SMT solver.
More examples can be found in the
tests directory.
old(x) > x
console and
Math
It is based on the z3 SMT solver but avoids trigger heuristics and thereby (most) timeouts and other unpredictable results by requiring manual instantiation. Function definitions and class invariants correspond to universal quantifiers and function calls and field access act as triggers that instantiate these quantifiers in a deterministic way.
Simple usage without installation:
$ npx esverify file.js
Installation:
$ npm install -g esverify
Command Line Options:
$ esverify --help
Usage: esverify [OPTIONS] FILE
Options:
--z3path PATH Path to local z3 executable
(default path is "z3")
-r, --remote Invokes z3 remotely via HTTP request
--z3url URL URL to remote z3 web server
--noqi Disables quantifier instantiations
-t, --timeout SECS Sets timeout in seconds for z3
(default timeout is 10s, 0 disables timeout)
-f, --logformat FORMAT Format can be either "simple" or "colored"
(default format is "colored")
-q, --quiet Suppresses output
-v, --verbose Prints SMT input, output and test code
--logsmt PATH Path for logging SMT input in verbose mode
(default path is "/tmp/vc.smt")
-h, --help Prints this help text and exit
--version Prints version information
Installation via npm:
$ npm install esverify --save
Import
verify and invoke on source code to receive a promise of messages.
import { verify } from "esverify";
const opts = { };
const messages = await verify("assert(1 > 2);", opts);
messages.forEach(msg => console.log(msg.status));
The options and returned messages have the following structure:
type opts = {
filename: string,
logformat: "simple" | "colored" = "colored",
z3path: string = "z3",
z3url: string,
remote: boolean = false,
quiet: true,
verbose: false,
logsmt: '/tmp/vc.smt'
timeout: 5,
qi: true
}
type msg = {
status: "verified" | "unverified" | "timeout" | "error",
loc: { file: string, start: { line: number, column: number },
end: { line: number, column: number }},
description: string
}
A simple web-based editor is available online at esverify.org/try.
Additionally, there is a Vim Plugin and an Emacs Plugin which display verification results inline.
More tool support will be coming soon.
Please report bugs to the GitHub Issue Tracker. esverify is currently developed and maintained by Christopher Schuster.
Inspired by Dafny and LiquidHaskell.
This project is developed by the Software and Languages Research Group at University of California, Santa Cruz. Thanks also to Tommy, Sohum and Cormac for support and advice.