648 research outputs found
Verifying cryptographic software correctness with respect to reference implementations
This paper presents techniques developed to check program equivalences in the context of cryptographic software development, where specifications are typically reference implementations. The techniques allow for the integration of interactive proof techniques (required given the difficulty and generality of the results sought) in a verification infrastructure that is capable of discharging many verification conditions automatically. To this end, the difficult results in the verification process (to be proved interactively) are isolated as a set of lemmas. The fundamental notion of natural invariant is used to link the specification level and the interactive proof construction process.Fundação para a Ciência e a Tecnologia (FCT
From Event-B models to Dafny code contracts
International audienceThe constructive approach to software correctness aims at formal modelling and verification of the structure and behaviour of a system in different levels of abstraction. In contrast, the analytical approach to software verification focuses on code level correctness and its verification. Therefore it would seem that the constructive and analytical approaches should complement each other well. To demonstrate this idea we present a case for linking two existing verification methods, Event-B (constructive) and Dafny (analytical). This approach combines the power of Event-B abstraction and its stepwise refinement with the verification capabilities of Dafny. We presented a small case study to demonstrate this approach and outline of the rules for transforming Event-B events to Dafny contracts. Finally, a tool for automatic generation of Dafny contracts from Event-B formal models is presented
Specifying Software/Hardware Interactions in Distributed Systems
This paper describes a system level specification approach that enables the designer to formulate and answer questions regarding the system\u27s logical correctness and performance characteristics when the interaction between the hardware and the software is important, i.e., when the impact of faults, failures, communication delay, hardware selection, scheduling policies, etc., must be considered. In the simplest terms, our concern extends beyond the traditional software correctness questions by addressing the issue of employing logical verification techniques to determine software correctness and performance characteristics when running on a particular distributed hardware architectures and using a particular operating system. A language called CSPS (an extension of Hoare\u27s CSP) is used in the illustration of the approach. Employing CSP as a base allows modelled systems to be verified using techniques already developed for verifying CSP programs
Recommended from our members
Assessing the Risk due to Software Faults: Estimates of Failure Rate versus Evidence of Perfection.
In the debate over the assessment of software reliability (or safety), as applied to critical software, two extreme positions can be discerned: the ‘statistical’ position, which requires that the claims of reliability be supported by statistical inference from realistic testing or operation, and the ‘perfectionist’ position, which requires convincing indications that the software is free from defects. These two positions naturally lead to requiring different kinds of supporting evidence, and actually to stating the dependability requirements in different ways, not allowing any direct comparison. There is often confusion about the relationship between statements about software failure rates and about software correctness, and about which evidence can support either kind of statement. This note clarifies the meaning of the two kinds of statement and how they relate to the probability of failure-free operation, and discusses their practical merits, especially for high required reliability or safety
A Critical Review of "Automatic Patch Generation Learned from Human-Written Patches": Essay on the Problem Statement and the Evaluation of Automatic Software Repair
At ICSE'2013, there was the first session ever dedicated to automatic program
repair. In this session, Kim et al. presented PAR, a novel template-based
approach for fixing Java bugs. We strongly disagree with key points of this
paper. Our critical review has two goals. First, we aim at explaining why we
disagree with Kim and colleagues and why the reasons behind this disagreement
are important for research on automatic software repair in general. Second, we
aim at contributing to the field with a clarification of the essential ideas
behind automatic software repair. In particular we discuss the main evaluation
criteria of automatic software repair: understandability, correctness and
completeness. We show that depending on how one sets up the repair scenario,
the evaluation goals may be contradictory. Eventually, we discuss the nature of
fix acceptability and its relation to the notion of software correctness.Comment: ICSE 2014, India (2014
Runtime Verification Of SQL Correctness Properties with YR-DB-RUNTIME-VERIF
Software correctness properties are essential to maintain quality by continuous and regressive inte-
gration testing, as well as runtime monitoring the program after customer deployment. This paper
presents an effective and lightweight C ++ program verification framework: YR_DB_RUNTIME_VERIF,
to check SQL (Structure Query Language) [1] software correctness properties specified as temporal
safety properties [2]. A temporal safety property specifies what behavior shall not occur, in a software,
as sequence of program events. YR_DB_RUNTIME_VERIF allows specification of a SQL temporal safety
property by means of a very small state diagram mealy machine [3]. In YR_DB_RUNTIME_VERIF, a spec-
ification characterizes effects of program events (via SQL statements) on database table columns by
means of set interface operations (∈, ∈), and, enable to check these characteristics hold or not at
runtime. Integration testing is achieved for instance by expressing a state diagram that encompasses
both Graphical User Interface (GUI) states and MySQL [4] databases queries that glue them. For
example, a simple specification would encompass states between ’Department administration’ and
’Stock listing’ GUI interfaces, and transitions between them by means of MySQL databases oper-
ations. YR_DB_RUNTIME_VERIF doesn’t generate false warnings; YR_DB_RUNTIME_VERIF specifications
are not desirable (forbidden) specifications (fail traces). This paper focuses its examples on MySQL
database specifications, labeled as states diagrams events, for the newly developed and FOSS (Free
and Open Source Software) Enterprise Resource Planing Software YEROTH–ERP–3.0 [5].PROF. DR.-ING. DIPL.-INF. xavier noumbissi noundo
LLM4TDD: Best Practices for Test Driven Development Using Large Language Models
In today's society, we are becoming increasingly dependent on software
systems. However, we also constantly witness the negative impacts of buggy
software. Program synthesis aims to improve software correctness by
automatically generating the program given an outline of the expected behavior.
For decades, program synthesis has been an active research field, with recent
approaches looking to incorporate Large Language Models to help generate code.
This paper explores the concept of LLM4TDD, where we guide Large Language
Models to generate code iteratively using a test-driven development
methodology. We conduct an empirical evaluation using ChatGPT and coding
problems from LeetCode to investigate the impact of different test, prompt and
problem attributes on the efficacy of LLM4TDD
- …