Separation Logic for Small-step Cminor
Cminor is a mid-level imperative programming language; there are proved-correct optimizing compilers from C to Cminor and from Cminor to machine language. We have redesigned Cminor so that it is suitable for Hoare Logic reasoning and we have designed a Separation Logic for Cminor. In this paper, we give a small-step semantics (instead of the big-step of the proved-correct compiler) that is motivated by the need to support future concurrent extensions. We detail a machine-checked proof of soundness of our Separation Logic. This is the first large-scale machine-checked proof of a Separation Logic w.r.t. a small-step semantics. The work presented in this paper has been carried out in the Coq proof assistant. It is a first step towards an environment in which concurrent Cminor programs can be verified using Separation Logic and also compiled by a proved-correct compiler with formal end-to-end correctness guarantees.
Comment: Short version of research report RR-613
Algebraic Pattern Matching in Join Calculus
We propose an extension of the join calculus with pattern matching on algebraic data types. Our initial motivation is twofold: to provide an intuitive semantics of the interaction between concurrency and pattern matching; to define a practical compilation scheme from extended join definitions into ordinary ones plus ML pattern matching. To assess the correctness of our compilation scheme, we develop a theory of the applied join calculus, a calculus with value passing and value matching. We implement this calculus as an extension of the current JoCaml system.
How to gain confidence in C?
National audience
See article (this communication is a column and contains no abstract).
Experiments in validating formal semantics for C
International audience
This paper reports on the design of adequate on-machine formal semantics for a certified C compiler. This compiler is an optimizing compiler that targets critical embedded software. It is written and formally verified using the Coq proof assistant. The main structure of the compiler is very strongly conditioned by the choice of the languages of the compiler, and also by the kind of semantics of these languages.
Formal proofs applied to system models
National audience
Usually, the description of nuclear equipment by the FMEA (Failure Mode and Effects Analysis) method can be of considerable length (up to 5,000 lines); on the other hand, the number of rules used for the verification of this equipment is small. In addition, upstream, there is the question of trust in the tools that generate these descriptions for complex equipment, that is to say, equipment made up of several thousand objects (requirements, functions, interfaces, behaviors).
Mechanized semantics for the Clight subset of the C language
This article presents the formal semantics of a large subset of the C language called Clight. Clight includes pointer arithmetic, "struct" and "union" types, C loops and structured "switch" statements. Clight is the source language of the CompCert verified compiler. The formal semantics of Clight is a big-step operational semantics that observes both terminating and diverging executions and produces traces of input/output events. The formal semantics of Clight is mechanized using the Coq proof assistant. In addition to the semantics of Clight, this article describes its integration in the CompCert verified compiler and several ways by which the semantics was validated.
Comment: Journal of Automated Reasoning (2009)
Formal Verification of Receipt Validation in Chaum’s Scheme
In the aftermath of the United States Presidential election, more and more frequently there are calls for voters to be able to place their votes from the comfort of their own home. However, many studies have found prototype systems to be either insecure or insufficiently defined for the purposes of an election on a national scale.
In this paper I will examine the security of voting applications from a different angle: the validation and verification of compiled code. There are the obvious concerns about unverified code, namely that we have no guarantee the protocol described by the voting procedure is the one being executed. Using work by Appel [3] as a model, it can be seen that even advanced cryptographic algorithms can be verified. Using Chaum's scheme, a visual cryptography system intensely examined in Staub's work [1] and originally described in Chaum's paper [5], as our target enables us to have a secure algorithm that we can properly verify. Our goal will be to establish a verified code implementation for Chaum's scheme that could be deployed to voters to confirm their votes.