70,858 research outputs found
An Exercise in Invariant-based Programming with Interactive and Automatic Theorem Prover Support
Invariant-Based Programming (IBP) is a diagram-based correct-by-construction
programming methodology in which the program is structured around the
invariants, which are additionally formulated before the actual code. Socos is
a program construction and verification environment built specifically to
support IBP. The front-end to Socos is a graphical diagram editor, allowing the
programmer to construct invariant-based programs and check their correctness.
The back-end component of Socos, the program checker, computes the verification
conditions of the program and tries to prove them automatically. It uses the
theorem prover PVS and the SMT solver Yices to discharge as many of the
verification conditions as possible without user interaction. In this paper, we
first describe the Socos environment from a user and systems level perspective;
we then exemplify the IBP workflow by building a verified implementation of
heapsort in Socos. The case study highlights the role of both automatic and
interactive theorem proving in three sequential stages of the IBP workflow:
developing the background theory, formulating the program specification and
invariants, and proving the correctness of the final implementation.Comment: In Proceedings THedu'11, arXiv:1202.453
A Coq-based synthesis of Scala programs which are correct-by-construction
The present paper introduces Scala-of-Coq, a new compiler that allows a
Coq-based synthesis of Scala programs which are "correct-by-construction". A
typical workflow features a user implementing a Coq functional program, proving
this program's correctness with regards to its specification and making use of
Scala-of-Coq to synthesize a Scala program that can seamlessly be integrated
into an existing industrial Scala or Java application.Comment: 2 pages, accepted version of the paper as submitted to FTfJP 2017
(Formal Techniques for Java-like Programs), June 18-23, 2017, Barcelona ,
Spai
Formal Reasoning Using an Iterative Approach with an Integrated Web IDE
This paper summarizes our experience in communicating the elements of
reasoning about correctness, and the central role of formal specifications in
reasoning about modular, component-based software using a language and an
integrated Web IDE designed for the purpose. Our experience in using such an
IDE, supported by a 'push-button' verifying compiler in a classroom setting,
reveals the highly iterative process learners use to arrive at suitably
specified, automatically provable code. We explain how the IDE facilitates
reasoning at each step of this process by providing human readable verification
conditions (VCs) and feedback from an integrated prover that clearly indicates
unprovable VCs to help identify obstacles to completing proofs. The paper
discusses the IDE's usage in verified software development using several
examples drawn from actual classroom lectures and student assignments to
illustrate principles of design-by-contract and the iterative process of
creating and subsequently refining assertions, such as loop invariants in
object-based code.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
Towards correct-by-construction product variants of a software product line: GFML, a formal language for feature modules
Software Product Line Engineering (SPLE) is a software engineering paradigm
that focuses on reuse and variability. Although feature-oriented programming
(FOP) can implement software product line efficiently, we still need a method
to generate and prove correctness of all product variants more efficiently and
automatically. In this context, we propose to manipulate feature modules which
contain three kinds of artifacts: specification, code and correctness proof. We
depict a methodology and a platform that help the user to automatically produce
correct-by-construction product variants from the related feature modules. As a
first step of this project, we begin by proposing a language, GFML, allowing
the developer to write such feature modules. This language is designed so that
the artifacts can be easily reused and composed. GFML files contain the
different artifacts mentioned above.The idea is to compile them into FoCaLiZe,
a language for specification, implementation and formal proof with some
object-oriented flavor. In this paper, we define and illustrate this language.
We also introduce a way to compose the feature modules on some examples.Comment: In Proceedings FMSPLE 2015, arXiv:1504.0301
Inferring Concise Specifications of APIs
Modern software relies on libraries and uses them via application programming
interfaces (APIs). Correct API usage as well as many software engineering tasks
are enabled when APIs have formal specifications. In this work, we analyze the
implementation of each method in an API to infer a formal postcondition.
Conventional wisdom is that, if one has preconditions, then one can use the
strongest postcondition predicate transformer (SP) to infer postconditions.
However, SP yields postconditions that are exponentially large, which makes
them difficult to use, either by humans or by tools. Our key idea is an
algorithm that converts such exponentially large specifications into a form
that is more concise and thus more usable. This is done by leveraging the
structure of the specifications that result from the use of SP. We applied our
technique to infer postconditions for over 2,300 methods in seven popular Java
libraries. Our technique was able to infer specifications for 75.7% of these
methods, each of which was verified using an Extended Static Checker. We also
found that 84.6% of resulting specifications were less than 1/4 page (20 lines)
in length. Our technique was able to reduce the length of SMT proofs needed for
verifying implementations by 76.7% and reduced prover execution time by 26.7%
- …