246 research outputs found
Towards a General Framework for Formal Reasoning about Java Bytecode Transformation
Program transformation has gained a wide interest since it is used for
several purposes: altering semantics of a program, adding features to a program
or performing optimizations. In this paper we focus on program transformations
at the bytecode level. Because these transformations may introduce errors, our
goal is to provide a formal way to verify the update and establish its
correctness. The formal framework presented includes a definition of a formal
semantics of updates which is the base of a static verification and a scheme
based on Hoare triples and weakest precondition calculus to reason about
behavioral aspects in bytecode transformationComment: In Proceedings SCSS 2012, arXiv:1307.802
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness
VST-A: A Foundationally Sound Annotation Verifier
An interactive program verification tool usually requires users to write
formal proofs in a theorem prover like Coq and Isabelle, which is an obstacle
for most software engineers. In comparison, annotation verifiers can use
assertions in source files as hints for program verification but they
themselves do not have a formal soundness proof.
In this paper, we demonstrate VST-A, a foundationally sound annotation
verifier for sequential C programs. On one hand, users can write high order
assertion in C programs' comments. On the other hand, separation logic proofs
will be generated in the backend whose proof rules are formally proved sound
w.r.t. CompCert's Clight semantics. Residue proof goals in Coq may be generated
if some assertion entailments cannot be verified automatically
Outcome Logic: A Unifying Foundation for Correctness and Incorrectness Reasoning
Program logics for bug-finding (such as the recently introduced Incorrectness
Logic) have framed correctness and incorrectness as dual concepts requiring
different logical foundations. In this paper, we argue that a single unified
theory can be used for both correctness and incorrectness reasoning. We present
Outcome Logic (OL), a novel generalization of Hoare Logic that is both monadic
(to capture computational effects) and monoidal (to reason about outcomes and
reachability). OL expresses true positive bugs, while retaining correctness
reasoning abilities as well. To formalize the applicability of OL to both
correctness and incorrectness, we prove that any false OL specification can be
disproven in OL itself. We also use our framework to reason about new types of
incorrectness in nondeterministic and probabilistic programs. Given these
advances, we advocate for OL as a new foundational theory of correctness and
incorrectness
Synthesizing Certified Code
Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. However, manually adding annotations to the code is time-consuming and error-prone. We address this problem by combining code certification with automatic program synthesis. Given a high-level specification, our approach simultaneously generates code and all annotations required to certify the generated code. We describe a certification extension of AutoBayes, a synthesis tool for automatically generating data analysis programs. Based on built-in domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover E-SETHEO. We demonstrate our approach by certifying operator- and memory-safety on a data-classification program. For this program, our approach was faster and more precise than PolySpace, a commercial static analysis tool
- …