4 research outputs found
Supporting ArcAngel in ProofPower
AbstractArcAngel is a specialised tactic language devised to facilitate and automate program developments using Morgan's refinement calculus. It is especially well-suited for the specification of high-level strategies to derive programs by construction, and equipped with a formal semantics that enables reasoning about tactics. In this paper, we present an implementation of ArcAngel for the ProofPower theorem prover. We discuss the underlying design, explain how it implements the semantics of ArcAngel, and examine differences in expressiveness and flexibility in comparison to ProofPower's in-built tactic language. ArcAngel supports backtracking through angelic choice; this is beyond the basic capabilities of ProofPower and many other main-stream theorem provers. The implementation is demonstrated with a non-trivial tactic example
Information Flow Control-by-Construction for an Object-Oriented Language Using Type Modifiers
In security-critical software applications, confidential information must be
prevented from leaking to unauthorized sinks. Static analysis techniques are
widespread to enforce a secure information flow by checking a program after
construction. A drawback of these systems is that incomplete programs during
construction cannot be checked properly. The user is not guided to a secure
program by most systems. We introduce IFbCOO, an approach that guides users
incrementally to a secure implementation by using refinement rules. In each
refinement step, confidentiality or integrity (or both) is guaranteed alongside
the functional correctness of the program, such that insecure programs are
declined by construction. In this work, we formalize IFbCOO and prove soundness
of the refinement rules. We implement IFbCOO in the tool CorC and conduct a
feasibility study by successfully implementing case studies
Flexible Correct-by-Construction Programming
Correctness-by-Construction (CbC) is an incremental program construction
process to construct functionally correct programs. The programs are
constructed stepwise along with a specification that is inherently guaranteed
to be satisfied. CbC is complex to use without specialized tool support, since
it needs a set of predefined refinement rules of fixed granularity which are
additional rules on top of the programming language. Each refinement rule
introduces a specific programming statement and developers cannot depart from
these rules to construct programs. CbC allows to develop software in a
structured and incremental way to ensure correctness, but the limited
flexibility is a disadvantage of CbC. In this work, we compare classic CbC with
CbC-Block and TraitCbC. Both approaches CbC-Block and TraitCbC, are related to
CbC, but they have new language constructs that enable a more flexible software
construction approach. We provide for both approaches a programming guideline,
which similar to CbC, leads to well-structured programs. CbC-Block extends CbC
by adding a refinement rule to insert any block of statements. Therefore, we
introduce CbC-Block as an extension of CbC. TraitCbC implements
correctness-by-construction on the basis of traits with specified methods. We
formally introduce TraitCbC and prove soundness of the construction strategy.
All three development approaches are qualitatively compared regarding their
programming constructs, tool support, and usability to assess which is best
suited for certain tasks and developers.Comment: arXiv admin note: substantial text overlap with arXiv:2204.0564
Angelic Processes for CSP via the UTP
Demonic and angelic nondeterminism play fundamental roles as abstraction mechanisms for formal modelling. In contrast with its demonic counterpart, in an angelic choice failure is avoided whenever possible. Although it has been extensively studied in refinement calculi, in the context of process algebras, and of the Communicating Sequential Processes (CSP) algebra for refinement, in particular, it has been elusive. We show here that a semantics for an extended version of CSP that includes both demonic and angelic choice can be provided using Hoare and He's Unifying Theories of Programming (UTP). Since CSP is given semantics in the UTP via reactive designs (pre and postcondition pairs) we have developed a theory of angelic designs and a conservative extension of the CSP theory using reactive angelic designs. To characterise angelic nondeterminism appropriately in an algebra of processes, however, a notion of divergence that can undo the history of events needs to be considered. Taking this view, we present a model for CSP where angelic choice completely avoids divergence just like in the refinement calculi for sequential programs