68 research outputs found
Building an IDE for the Calculational Derivation of Imperative Programs
In this paper, we describe an IDE called CAPS (Calculational Assistant for
Programming from Specifications) for the interactive, calculational derivation
of imperative programs. In building CAPS, our aim has been to make the IDE
accessible to non-experts while retaining the overall flavor of the
pen-and-paper calculational style. We discuss the overall architecture of the
CAPS system, the main features of the IDE, the GUI design, and the trade-offs
involved.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
From LCF to Isabelle/HOL
Interactive theorem provers have developed dramatically over the past four
decades, from primitive beginnings to today's powerful systems. Here, we focus
on Isabelle/HOL and its distinctive strengths. They include automatic proof
search, borrowing techniques from the world of first order theorem proving, but
also the automatic search for counterexamples. They include a highly readable
structured language of proofs and a unique interactive development environment
for editing live proof documents. Everything rests on the foundation conceived
by Robin Milner for Edinburgh LCF: a proof kernel, using abstract types to
ensure soundness and eliminate the need to store proofs. Compared with the
research prototypes of the 1970s, Isabelle is a practical and versatile tool.
It is used by system designers, mathematicians and many others
Automating Verification of State Machines with Reactive Designs and Isabelle/UTP
State-machine based notations are ubiquitous in the description of component
systems, particularly in the robotic domain. To ensure these systems are safe
and predictable, formal verification techniques are important, and can be
cost-effective if they are both automated and scalable. In this paper, we
present a verification approach for a diagrammatic state machine language that
utilises theorem proving and a denotational semantics based on Unifying
Theories of Programming (UTP). We provide the necessary theory to underpin
state machines (including induction theorems for iterative processes),
mechanise an action language for states and transitions, and use these to
formalise the semantics. We then describe the verification approach, which
supports infinite state systems, and exemplify it with a fully automated
deadlock-freedom check. The work has been mechanised in our proof tool,
Isabelle/UTP, and so also illustrates the use of UTP to build practical
verification tools.Comment: 18 pages, 16th Intl. Conf. on Formal Aspects of Component Software
(FACS 2018), October 2018, Pohang, South Kore
Mechanizing Abstract Interpretation
It is important when developing software to verify the absence of undesirable
behavior such as crashes, bugs and security vulnerabilities. Some settings
require high assurance in verification results, e.g., for embedded software in
automobiles or airplanes. To achieve high assurance in these verification
results, formal methods are used to automatically construct or check proofs of
their correctness. However, achieving high assurance for program analysis
results is challenging, and current methods are ill suited for both complex
critical domains and mainstream use.
To verify the correctness of software we consider program analyzers---automated
tools which detect software defects---and to achieve high assurance in
verification results we consider mechanized verification---a rigorous process
for establishing the correctness of program analyzers via computer-checked
proofs.
The key challenges to designing verified program analyzers are: (1) achieving
an analyzer design for a given programming language and correctness property;
(2) achieving an implementation for the design; and (3) achieving a mechanized
verification that the implementation is correct w.r.t. the design. The state of
the art in (1) and (2) is to use abstract interpretation: a guiding
mathematical framework for systematically constructing analyzers directly from
programming language semantics. However, achieving (3) in the presence of
abstract interpretation has remained an open problem since the late 1990's.
Furthermore, even the state-of-the art which achieves (3) in the absence of
abstract interpretation suffers from the inability to be reused in the presence
of new analyzer designs or programming language features.
First, we solve the open problem which has prevented the combination of
abstract interpretation (and in particular, calculational abstract
interpretation) with mechanized verification, which advances the state of the
art in designing, implementing, and verifying analyzers for critical software.
We do this through a new mathematical framework Constructive Galois Connections
which supports synthesizing specifications for program analyzers, calculating
implementations from these induced specifications, and is amenable to
mechanized verification.
Finally, we introduce reusable components for implementing analyzers for a wide
range of designs and semantics. We do this though two new frameworks Galois
Transformers and Definitional Abstract Interpreters. These frameworks tightly
couple analyzer design decisions, implementation fragments, and verification
properties into compositional components which are (target)
programming-language independent and amenable to mechanized verification.
Variations in the analysis design are then recovered by simply re-assembling
the combination of components. Using this framework, sophisticated program
analyzers can be assembled by non-experts, and the result are guaranteed to be
verified by construction
Automating Verification of State Machines with Reactive Designs and Isabelle/UTP
State-machine based notations are ubiquitous in the description of component systems, particularly in the robotic domain. To ensure these systems are safe and predictable, formal verification techniques are important, and can be cost-effective if they are both automated and scalable. In this paper, we present a verification approach for a diagrammatic state machine language that utilises theorem proving and a denotational semantics based on Unifying Theories of Programming (UTP). We provide the necessary theory to underpin state machines (including induction theorems for iterative processes), mechanise an action language for states and transitions, and use these to formalise the semantics. We then describe the verification approach, which supports infinite state systems, and exemplify it with a fully automated deadlock-freedom check. The work has been mechanised in our proof tool, Isabelle/UTP, and so also illustrates the use of UTP to build practical verification tools
Reasoning about correctness properties of a coordination programming language
Safety critical systems place additional requirements to the programming
language used to implement them with respect to traditional environments.
Examples of features that in
uence the suitability of a programming language
in such environments include complexity of de nitions, expressive
power, bounded space and time and veri ability. Hume is a novel programming
language with a design which targets the rst three of these, in some
ways, contradictory features: fully expressive languages cannot guarantee
bounds on time and space, and low-level languages which can guarantee
space and time bounds are often complex and thus error-phrone. In Hume,
this contradiction is solved by a two layered architecture: a high-level fully
expressive language, is built on top of a low-level coordination language
which can guarantee space and time bounds.
This thesis explores the veri cation of Hume programs. It targets safety
properties, which are the most important type of correctness properties,
of the low-level coordination language, which is believed to be the most
error-prone. Deductive veri cation in Lamport's temporal logic of actions
(TLA) is utilised, in turn validated through algorithmic experiments. This
deductive veri cation is mechanised by rst embedding TLA in the Isabelle
theorem prover, and then embedding Hume on top of this. Veri cation of
temporal invariants is explored in this setting.
In Hume, program transformation is a key feature, often required to guarantee
space and time bounds of high-level constructs. Veri cation of transformations
is thus an integral part of this thesis. The work with both invariant
veri cation, and in particular, transformation veri cation, has pinpointed
several weaknesses of the Hume language. Motivated and in
uenced by
this, an extension to Hume, called Hierarchical Hume, is developed and
embedded in TLA. Several case studies of transformation and invariant veri
cation of Hierarchical Hume in Isabelle are conducted, and an approach
towards a calculus for transformations is examined.James Watt ScholarshipEngineering and Physical Sciences Research Council (EPSRC) Platform grant GR/SO177
External Insulation Systems for Cryogenic Storage Systems
Multilayer dielectric film reflector applied to cryogenic insulation material
Unifying Semantic Foundations for Automated Verification Tools in Isabelle/UTP
The growing complexity and diversity of models used for engineering dependable systems implies that a variety of formal methods, across differing abstractions, paradigms, and presentations, must be integrated. Such an integration requires unified semantic foundations for the various notations, and co-ordination of a variety of automated verification tools. The contribution of this paper is Isabelle/UTP, an implementation of Hoare and He’s Unifying Theories of Programming, a framework for unification of formal semantics. Isabelle/UTP permits the mechanisation of computational theories for diverse paradigms, and their use in constructing formalised semantics. These can be further applied in the development of verification tools, harnessing Isabelle’s proof automation facilities. Several layers of mathematical foundations are developed, including lenses to model variables and state spaces as algebraic objects, alphabetised predicates and relations to model programs, algebraic and axiomatic semantics, proof tools for Hoare logic and refinement calculus, and UTP theories to encode computational paradigms
Programmiersprachen und Rechenkonzepte
Seit 1984 veranstaltet die GI--Fachgruppe "Programmiersprachen und Rechenkonzepte" regelmäßig im Frühjahr einen Workshop im Physikzentrum Bad Honnef. Das Treffen dient in erster Linie dem gegenseitigen Kennenlernen, dem Erfahrungsaustausch, der Diskussion und der Vertiefung gegenseitiger Kontakte
- …