Separation Logic for Small-step Cminor

Cminor is a mid-level imperative programming language; there are proved-correct optimizing compilers from C to Cminor and from Cminor to machine language. We have redesigned Cminor so that it is suitable for Hoare Logic reasoning and we have designed a Separation Logic for Cminor. In this paper, we give a small-step semantics (instead of the big-step of the proved-correct compiler) that is motivated by the need to support future concurrent extensions. We detail a machine-checked proof of soundness of our Separation Logic. This is the first large-scale machine-checked proof of a Separation Logic w.r.t. a small-step semantics. The work presented in this paper has been carried out in the Coq proof assistant. It is a first step towards an environment in which concurrent Cminor programs can be verified using Separation Logic and also compiled by a proved-correct compiler with formal end-to-end correctness guarantees.Comment: Version courte du rapport de recherche RR-613

Algebraic Pattern Matching in Join Calculus

We propose an extension of the join calculus with pattern matching on algebraic data types. Our initial motivation is twofold: to provide an intuitive semantics of the interaction between concurrency and pattern matching; to define a practical compilation scheme from extended join definitions into ordinary ones plus ML pattern matching. To assess the correctness of our compilation scheme, we develop a theory of the applied join calculus, a calculus with value passing and value matching. We implement this calculus as an extension of the current JoCaml system

Comment gagner confiance en C ?

National audiencevoir article (cette communication est une chronique et ne contient pas de résumé)

Experiments in validating formal semantics for C

International audienceThis paper reports on the design of adequate on-machine formal semantics for a certified C compiler. This compiler is an optimizing compiler, that targets critical embedded software. It is written and formally verified using the Coq proof assistant. The main structure of the compiler is very strongly conditioned by the choice of the languages of the compiler, and also by the kind of semantics of these languages

Formal proofs applied to system models

National audienceUsually, the description of nuclear equipment by the FMEA (Failure Mode and Effects Analysis) method can be of considerable length (up to 5,000 lines); on the other hand, the number of rules used for the verification of this equipment is small. In addition, upstream, there is the question of trust in the tools that generate these descriptions for complex equipment, that is to say, made up of several thousand objects (requirements, functions, interfaces, behaviors)

Mechanized semantics for the Clight subset of the C language

This article presents the formal semantics of a large subset of the C language called Clight. Clight includes pointer arithmetic, "struct" and "union" types, C loops and structured "switch" statements. Clight is the source language of the CompCert verified compiler. The formal semantics of Clight is a big-step operational semantics that observes both terminating and diverging executions and produces traces of input/output events. The formal semantics of Clight is mechanized using the Coq proof assistant. In addition to the semantics of Clight, this article describes its integration in the CompCert verified compiler and several ways by which the semantics was validated.Comment: Journal of Automated Reasoning (2009

Formal Verification of Receipt Validation in Chaum’s Scheme

In the aftermath of the United States Presidential election, more and more frequently there are calls for voters to be able to place their votes from the comfort of their own home. However, many studies have found prototype systems to be either insecure or insufficiently defined for the purposes of an election on a national scale. In this paper I will examine the security of voting applications from a different angle: the validation and verification of compiled code. There are the obvious concerns about unverified code, that we have no guarantee the protocol described by the voting procedure is the one being executed. Using work by Appel [3] as a model, it can be seen that even advanced cryptographic algorithms can be verified. Using Chaum’s scheme, a visual cryptography system intensely examined in Staub’s work [1], and originally described in Chaum’s paper [5], as our target enables us to have a secure algorithm that we can properly verify. Our goal will be to establish a verified code implementation for Chaum’s scheme that could be deployed to voters to confirm their votes