8,031 research outputs found
Program Derivation by Correctness Enhacements
Relative correctness is the property of a program to be more-correct than
another program with respect to a given specification. Among the many
properties of relative correctness, that which we found most intriguing is the
property that program P' refines program P if and only if P' is more-correct
than P with respect to any specification. This inspires us to reconsider
program derivation by successive refinements: each step of this process
mandates that we transform a program P into a program P' that refines P, i.e.
P' is more-correct than P with respect to any specification. This raises the
question: why should we want to make P' more-correct than P with respect to any
specification, when we only have to satisfy specification R? In this paper, we
discuss a process of program derivation that replaces traditional sequence of
refinement-based correctness-preserving transformations starting from
specification R by a sequence of relative correctness-based
correctness-enhancing transformations starting from abort.Comment: In Proceedings Refine'15, arXiv:1606.0134
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
Computer-aided verification in mechanism design
In mechanism design, the gold standard solution concepts are dominant
strategy incentive compatibility and Bayesian incentive compatibility. These
solution concepts relieve the (possibly unsophisticated) bidders from the need
to engage in complicated strategizing. While incentive properties are simple to
state, their proofs are specific to the mechanism and can be quite complex.
This raises two concerns. From a practical perspective, checking a complex
proof can be a tedious process, often requiring experts knowledgeable in
mechanism design. Furthermore, from a modeling perspective, if unsophisticated
agents are unconvinced of incentive properties, they may strategize in
unpredictable ways.
To address both concerns, we explore techniques from computer-aided
verification to construct formal proofs of incentive properties. Because formal
proofs can be automatically checked, agents do not need to manually check the
properties, or even understand the proof. To demonstrate, we present the
verification of a sophisticated mechanism: the generic reduction from Bayesian
incentive compatible mechanism design to algorithm design given by Hartline,
Kleinberg, and Malekian. This mechanism presents new challenges for formal
verification, including essential use of randomness from both the execution of
the mechanism and from the prior type distributions. As an immediate
consequence, our work also formalizes Bayesian incentive compatibility for the
entire family of mechanisms derived via this reduction. Finally, as an
intermediate step in our formalization, we provide the first formal
verification of incentive compatibility for the celebrated
Vickrey-Clarke-Groves mechanism
Towards a Rule-level Verification Framework for Property-Preserving Graph Transformations
International audienceWe report in this paper a method for proving that a graph transformation is property-preserving. Our approach uses a relational representation for graph grammar and a logical representation for graph properties with first-order logic formulas. The presented work consists in identifying the general conditions for a graph grammar to preserve graph properties, in particular structural properties. We aim to implement all the relevant notions of graph grammar in the Isabelle/HOL proof assistant in order to allow a (semi) automatic verification of graph transformation with a reasonable complexity. Given an input graph and a set of graph transformation rules, we can use mathematical induction strategies to verify statically if the transformation preserves a particular property of the initial graph. The main highlight of our approach is that such a verification is done without calculating the resulting graph and thus without using a transformation engine
Automatically correcting syntactic and semantic errors in ATL transformations using multi-objective optimization
L’ingénierie dirigée par les modèles (EDM) est un paradigme de développement logiciel
qui promeut l’utilisation de modèles en tant qu’artefacts de première plan et de processus
automatisés pour en dériver d’autres artefacts tels que le code, la documentation et les cas de
test. La transformation de modèle est un élément important de l’EDM puisqu’elle permet de
manipuler les représentations abstraites que sont les modèles. Les transformations de modèles,
comme d’autres programmes, sont sujettes à la fois à des erreurs syntaxiques et sémantiques.
La correction de ces erreurs est difficile et chronophage, car les transformations dépendent
du langage de transformation comme ATL et des langages de modélisation dans lesquels
sont exprimés les modèles en entrée et en sortie. Les travaux existants sur la réparation
des transformations ciblent les erreurs syntaxiques ou sémantiques, une erreur à la fois, et
définissent manuellement des patrons de correctifs. L’objectif principal de notre recherche
est de proposer un cadre générique pour corriger automatiquement de multiples erreurs
syntaxiques et sémantiques. Afin d’atteindre cet objectif, nous reformulons la réparation des
transformations de modèles comme un problème d’optimisation multiobjectif et le résolvons au
moyen d’algorithmes évolutionnaires. Pour adapter le cadre aux deux catégories d’erreurs, nous
utilisons différents types d’objectifs et des stratégies sophistiquées pour guider l’exploration
de l’espace des solutions.Model-driven engineering (MDE) is a software development paradigm that promotes the
use of models as first-class artifacts and automated processes to derive other artefacts from
them such as code, documentation and test cases. Model transformation is an important
element of MDE since it allows to manipulate the abstract representations that are models.
Model transformations, as other programs are subjects to both syntactic and semantic errors.
Fixing those errors is difficult and time consuming as the transformations depend on the
transformation language such as ATL, and modeling languages in which input and output
models are expressed. Existing work on transformation repair targets either syntactic or
semantic errors, one error at a time, and define patch templates manually. The main goal of
our research is to propose a generic framework to fix multiple syntactic and semantic errors
automatically. In order to achieve this goal, we reformulate the repair of model transformations
as a multi-objective optimization problem and solve it by means of evolutionary algorithms.
To adapt the framework to the two categories of errors, we use different types of objectives
and sophisticated strategies to guide the search
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness
- …