673 research outputs found
An implementation of Deflate in Coq
The widely-used compression format "Deflate" is defined in RFC 1951 and is
based on prefix-free codings and backreferences. There are unclear points about
the way these codings are specified, and several sources for confusion in the
standard. We tried to fix this problem by giving a rigorous mathematical
specification, which we formalized in Coq. We produced a verified
implementation in Coq which achieves competitive performance on inputs of
several megabytes. In this paper we present the several parts of our
implementation: a fully verified implementation of canonical prefix-free
codings, which can be used in other compression formats as well, and an elegant
formalism for specifying sophisticated formats, which we used to implement both
a compression and decompression algorithm in Coq which we formally prove
inverse to each other -- the first time this has been achieved to our
knowledge. The compatibility to other Deflate implementations can be shown
empirically. We furthermore discuss some of the difficulties, specifically
regarding memory and runtime requirements, and our approaches to overcome them
Proof-Pattern Recognition and Lemma Discovery in ACL2
We present a novel technique for combining statistical machine learning for
proof-pattern recognition with symbolic methods for lemma discovery. The
resulting tool, ACL2(ml), gathers proof statistics and uses statistical
pattern-recognition to pre-processes data from libraries, and then suggests
auxiliary lemmas in new proofs by analogy with already seen examples. This
paper presents the implementation of ACL2(ml) alongside theoretical
descriptions of the proof-pattern recognition and lemma discovery methods
involved in it
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
Recommended from our members
Proving Cryptographic C Programs Secure with General-Purpose Verification Tools
Security protocols, such as TLS or Kerberos, and security devices such as the Trusted Platform Module (TPM), Hardware Security Modules (HSMs) or PKCS#11 tokens, are central to many computer interactions.
Yet, such security critical components are still often found vulnerable to attack after their deployment, either because the specification is insecure, or because of implementation errors.
Techniques exist to construct machine-checked proofs of security properties for abstract specifications.
However, this may leave the final executable code, often written in lower level languages such as C, vulnerable both to logical errors, and low-level flaws.
Recent work on verifying security properties of C code is often based on soundly extracting, from C programs, protocol models on which security properties can be proved.
However, in such methods, any change in the C code, however trivial, may require one to perform a new and complex security proof.
Our goal is therefore to develop or identify a framework in which security properties of cryptographic systems can be formally proved, and that can also be used to soundly verify, using existing general-purpose tools, that a C program shares the same security properties.
We argue that the current state of general-purpose verification tools for the C language, as well as for functional languages, is sufficient to achieve this goal, and illustrate our argument by developing two verification frameworks around the VCC verifier.
In the symbolic model, we illustrate our method by proving authentication and weak secrecy for implementations of several network security protocols.
In the computational model, we illustrate our method by proving authentication and strong secrecy properties for an exemplary key management API, inspired by the TPM
Isabelle/PIDE as Platform for Educational Tools
The Isabelle/PIDE platform addresses the question whether proof assistants of
the LCF family are suitable as technological basis for educational tools. The
traditionally strong logical foundations of systems like HOL, Coq, or Isabelle
have so far been counter-balanced by somewhat inaccessible interaction via the
TTY (or minor variations like the well-known Proof General / Emacs interface).
Thus the fundamental question of math education tools with fully-formal
background theories has often been answered negatively due to accidental
weaknesses of existing proof engines.
The idea of "PIDE" (which means "Prover IDE") is to integrate existing
provers like Isabelle into a larger environment, that facilitates access by
end-users and other tools. We use Scala to expose the proof engine in ML to the
JVM world, where many user-interfaces, editor frameworks, and educational tools
already exist. This shall ultimately lead to combined mathematical assistants,
where the logical engine is in the background, without obstructing the view on
applications of formal methods, formalized mathematics, and math education in
particular.Comment: In Proceedings THedu'11, arXiv:1202.453
Fix Your Types
When using existing ACL2 datatype frameworks, many theorems require type
hypotheses. These hypotheses slow down the theorem prover, are tedious to
write, and are easy to forget. We describe a principled approach to types that
provides strong type safety and execution efficiency while avoiding type
hypotheses, and we present a library that automates this approach. Using this
approach, types help you catch programming errors and then get out of the way
of theorem proving.Comment: In Proceedings ACL2 2015, arXiv:1509.0552
- …