9,278 research outputs found
Formal proofs of code generation and verification tools
International audienceTool-assisted verification of critical software has great potential but is limited by two risks: unsoundness of the verification tools, and miscompilation when generating executable code from the sources that were verified. A radical solution to these two risks is the deductive verification of compilers and verification tools themselves. In this invited talk, I describe two ongoing projects along this line: CompCert, a verified C~compiler, and Verasco, a verified static analyzer based on abstract interpretation
Proving soundness of combinatorial Vickrey auctions and generating verified executable code
Using mechanised reasoning we prove that combinatorial Vickrey auctions are
soundly specified in that they associate a unique outcome (allocation and
transfers) to any valid input (bids). Having done so, we auto-generate verified
executable code from the formally defined auction. This removes a source of
error in implementing the auction design. We intend to use formal methods to
verify new auction designs. Here, our contribution is to introduce and
demonstrate the use of formal methods for auction verification in the familiar
setting of a well-known auction
Generating Property-Directed Potential Invariants By Backward Analysis
This paper addresses the issue of lemma generation in a k-induction-based
formal analysis of transition systems, in the linear real/integer arithmetic
fragment. A backward analysis, powered by quantifier elimination, is used to
output preimages of the negation of the proof objective, viewed as unauthorized
states, or gray states. Two heuristics are proposed to take advantage of this
source of information. First, a thorough exploration of the possible
partitionings of the gray state space discovers new relations between state
variables, representing potential invariants. Second, an inexact exploration
regroups and over-approximates disjoint areas of the gray state space, also to
discover new relations between state variables. k-induction is used to isolate
the invariants and check if they strengthen the proof objective. These
heuristics can be used on the first preimage of the backward exploration, and
each time a new one is output, refining the information on the gray states. In
our context of critical avionics embedded systems, we show that our approach is
able to outperform other academic or commercial tools on examples of interest
in our application field. The method is introduced and motivated through two
main examples, one of which was provided by Rockwell Collins, in a
collaborative formal verification framework.Comment: In Proceedings FTSCS 2012, arXiv:1212.657
- …