Des programmes impératifs vers la logique équationnelle pour la vérification

Omnipresence of computer systems in modern technological applications makes the question of their reliability essential. In this thesis, we investigate equational logic as a foundation for the verification of programs written in an imperative language. Our approach aims at automating the verification of program properties while offering a formalism suited to software developers for reasoning about programs. Precisely, our work addresses the automatic translation of imperative programs into equational logic in order to verify their correctness. We studied two classes of programs. In the first class, assignment is the sole language statement with side effect. We developed an algorithm to translate the programs in this class into a set of equations. This algorithm is expressed as a rewrite system defining the language's semantics. We showed, with a theorem prover, the convergence of our rewrite system. The second class is defined by adding to the programming language call-by-reference parameter passing mode and mutable lists. These mechanisms introduce the ability of handling aliases in programs. We define restrictions on the use of aliases which allow us to propose an algorithm for the translation into equations of the programs in the new class. The equational definition we obtain does not involve an explicit model of the program's memory. The equations produced by the translation of a program can then be used in proof systems in order to verify properties of the program. The properties are also expressed as equations. We validate our approach by implementing the translation algorithms and by proving interesting program properties from the equations produced by our method.Nous nous sommes intéressé à la logique équationnelle en tant que support de la vérification des programmes impératifs. Notre approche vise le double objectif d'automatiser la vérification des propriétés de programmes et de proposer un formalisme pour raisonner sur les programmes adapté aux acteurs du développement des logiciels. Précisément, les travaux de cette thèse portent sur la traduction automatique des programmes impératifs vers la logique équationnelle. Nous avons considéré deux classes de programmes. Dans la première, la seule instruction avec effet de bord du langage est l'affectation. Nous présentons l'algorithme de traduction d'un programme en un ensemble d'équations sous la forme d'un système de réécriture définissant la sémantique du langage. Nous montrons la convergence du système de réécriture à l'aide d'un démonstrateur de théorèmes. Pour la seconde classe, nous ajoutons au langage appel par référence et listes mutables. Ces deux mécanismes introduisent la possibilité de manipuler des alias dans les programmes. Nous énonçons des restrictions sur l'utilisation des alias moyennant lesquelles nous proposons un algorithme pour la traduction en équations des programmes de cette seconde classe. La définition équationnelle obtenue ne s'appuie pas sur un modèle de la mémoire. Les équations produites par la traduction d'un programme peuvent alors être utilisées dans des systèmes de preuve afin de vérifier des propriétés du programme, elles-mêmes exprimées par des équations. Nous validons notre approche par une implantation des algorithmes et par la preuve de propriétés de programmes non triviales à l'aide des équations produites par notre méthode

A Schedulerless Semantics of TLM Models Written in SystemC via Translation into LOTOS

International audienceTLM (Transaction-Level Modeling) was introduced to cope with the increasing complexity of Systems-on-Chip designs by raising the modeling level. Currently, TLM is primarily used for system-level functional testing and simulation using the SystemC C++ API widely accepted in industry. Nevertheless, TLM requires a careful handling of asynchronous concurrency. In this paper, we give a semantics to TLM models written in SystemC via a translation into the process algebra LOTOS, enabling the verification of the models with the CADP toolbox dedicated to asynchronous systems. Contrary to other works on formal verification of TLM models written in SystemC, our approach targets fully asynchronous TLM without the restrictions imposed by the SystemC simulation semantics. We argue that this approach leads to more dependable models

A Comparison of Two SystemC/TLM Semantics for Formal Verification

International audienceThe development of complex systems mixing hardware and software starts more and more by the design of functional models written in SystemC/TLM. These models are used as golden models for embedded software validation and for hardware verification, therefore their own validation is an important issue. One thriving approach consists in describing the semantics of SystemC/TLM in a formal language for which a verification tool exists. In this paper, we use LOTOS and the CADP toolbox as a unifying framework to define and experiment with two possible semantics for untimed SystemC/TLM, emphasizing either the nonpreemptive semantics of SystemC or the concurrent one of TLM. We also discuss and illustrate on a benchmark the qualitative versus quantitative performance trade-off offered by each semantics as regards verification. When associated with locks, our concurrent semantics appears both to provide more flexibility and to improve the scalability

Des programmes impératifs vers la logique équationnelle pour la vérification

Nous nous sommes intéressé à la logique équationnelle en tant que support de la vérification des programmes impératifs. Notre approche vise le double objectif d'automatiser la vérification des propriétés de programmes et de proposer un formalisme pour raisonner sur les programmes adapté aux acteurs du développement des logiciels. Précisément, les travaux de cette thèse portent sur la traduction automatique des programmes impératifs vers la logique équationnelle. Nous avons considéré deux classes de programmes. Dans la première, la seule instruction avec effet de bord du langage est l'affectation. Nous présentons l'algorithme de traduction d'un programme en un ensemble d'équations sous la forme d'un système de réécriture définissant la sémantique du langage. Nous montrons la convergence du système de réécriture à l'aide d'un démonstrateur de théorèmes. Pour la seconde classe, nous ajoutons au langage appel par référence et listes mutables. Ces deux mécanismes introduisent la possibilité de manipuler des alias dans les programmes. Nous énonçons des restrictions sur l'utilisation des alias moyennant lesquelles nous proposons un algorithme pour la traduction en équations des programmes de cette seconde classe. La définition équationnelle obtenue ne s'appuie pas sur un modèle de la mémoire. Les équations produites par la traduction d'un programme peuvent alors être utilisées dans des systèmes de preuve afin de vérifier des propriétés du programme, elles-mêmes exprimées par des équations. Nous validons notre approche par une implantation des algorithmes et par la preuve de propriétés de programmes non triviales à l'aide des équations produites par notre méthode.Omnipresence of computer systems in modern technological applications makes the question of their reliability essential. In this thesis, we investigate equational logic as a foundation for the verification of programs written in an imperative language. Our approach aims at automating the verification of program properties while offering a formalism suited to software developers for reasoning about programs. Precisely, our work addresses the automatic translation of imperative programs into equational logic in order to verify their correctness. We studied two classes of programs. In the first class, assignment is the sole language statement with side effect. We developed an algorithm to translate the programs in this class into a set of equations. This algorithm is expressed as a rewrite system defining the language's semantics. We showed, with a theorem prover, the convergence of our rewrite system. The second class is defined by adding to the programming language call-by-reference parameter passing mode and mutable lists. These mechanisms introduce the ability of handling aliases in programs. We define restrictions on the use of aliases which allow us to propose an algorithm for the translation into equations of the programs in the new class. The equational definition we obtain does not involve an explicit model of the program's memory. The equations produced by the translation of a program can then be used in proof systems in order to verify properties of the program. The properties are also expressed as equations. We validate our approach by implementing the translation algorithms and by proving interesting program properties from the equations produced by our method.NICE-BU Sciences (060882101) / SudocSudocFranceF

Refining Abstract Interpretation-based Approximations with Constraint Solvers

Abstract. Programs with floating-point computations are tricky to develop because floating-point arithmetic differs from real arithmetic and has many counterintuitive properties. A classical approach to verify such programs consists in estimating the precision of floating-point computations with respect to the same sequence of operations in an idealized interpretation—have been designed to address this problem. However, such tools compute an over-approximation of the domains of the variables, both in the semantics of the floating-point numbers and in the semantics of the real numbers. This over-approximation can be very coarse on some programs. In this paper, we show that constraint solvers over floating-point numbers and real numbers can significantly refine the approximations computed by Fluctuat. We managed to reduce drastically the domains of variables of C programs that are difficult to handle for abstract interpretation techniques implemented in Fluctuat. Key words: Program verification; Floating-point computation; C programs; Abstract interpretation-based approximation; Interval-based constraint solvers over real and floating-point numbers

Verification of an Industrial SystemC/TLM Model using LOTOS and CADP

International audienceSystemC/TLM is a widely used standard for system level descriptions of complex architectures. It is particularly useful for fast simulation, thus allowing early development and testing of the targeted software. In general, formal verification of SystemC/TLM relies on the translation of the complete model into a language accepted by a verification tool. In this paper, we present an approach to the validation of a SystemC/TLM description by translation into LOTOS, reusing as much as possible of the original SystemC/TLM C++ code. To this end, we exploit a feature offered by the formal verification toolbox CADP, namely the import of external C code in a LOTOS model. We report on experiments of our approach on the BDisp, a complex graphical processing unit designed by STMicroelectronics