34 research outputs found
A Static Analyzer for Large Safety-Critical Software
We show that abstract interpretation-based static program analysis can be
made efficient and precise enough to formally verify a class of properties for
a family of large programs with few or no false alarms. This is achieved by
refinement of a general purpose static analyzer and later adaptation to
particular programs of the family by the end-user through parametrization. This
is applied to the proof of soundness of data manipulation operations at the
machine level for periodic synchronous safety critical embedded software. The
main novelties are the design principle of static analyzers by refinement and
adaptation through parametrization, the symbolic manipulation of expressions to
improve the precision of abstract transfer functions, the octagon, ellipsoid,
and decision tree abstract domains, all with sound handling of rounding errors
in floating point computations, widening strategies (with thresholds, delayed)
and the automatic determination of the parameters (parametrized packing)
A model of guarded recursion with clock synchronisation
AbstractGuarded recursion is an approach to solving recursive type equations where the type variable appears guarded by a modality to be thought of as a delay for one time step. Atkey and McBride proposed a calculus in which guarded recursion can be used when programming with coinductive data, allowing productivity to be captured in types. The calculus uses clocks representing time streams and clock quantifiers which allow limited and controlled elimination of modalities. The calculus has since been extended to dependent types by Møgelberg. Both works give denotational semantics but no rewrite semantics.In previous versions of this calculus, different clocks represented separate time streams and clock synchronisation was prohibited. In this paper we show that allowing clock synchronisation is safe by constructing a new model of guarded recursion and clocks. This result will greatly simplify the type theory by removing freshness restrictions from typing rules, and is a necessary step towards defining rewrite semantics, and ultimately implementing the calculus
Step-Indexed Normalization for a Language with General Recursion
The Trellys project has produced several designs for practical dependently
typed languages. These languages are broken into two
fragments-a_logical_fragment where every term normalizes and which is
consistent when interpreted as a logic, and a_programmatic_fragment with
general recursion and other convenient but unsound features. In this paper, we
present a small example language in this style. Our design allows the
programmer to explicitly mention and pass information between the two
fragments. We show that this feature substantially complicates the metatheory
and present a new technique, combining the traditional Girard-Tait method with
step-indexed logical relations, which we use to show normalization for the
logical fragment.Comment: In Proceedings MSFP 2012, arXiv:1202.240
Generating Bijections between HOAS and the Natural Numbers
A provably correct bijection between higher-order abstract syntax (HOAS) and
the natural numbers enables one to define a "not equals" relationship between
terms and also to have an adequate encoding of sets of terms, and maps from one
term family to another. Sets and maps are useful in many situations and are
preferably provided in a library of some sort. I have released a map and set
library for use with Twelf which can be used with any type for which a
bijection to the natural numbers exists.
Since creating such bijections is tedious and error-prone, I have created a
"bijection generator" that generates such bijections automatically together
with proofs of correctness, all in the context of Twelf.Comment: In Proceedings LFMTP 2010, arXiv:1009.218
Formal Component-Based Semantics
One of the proposed solutions for improving the scalability of semantics of
programming languages is Component-Based Semantics, introduced by Peter D.
Mosses. It is expected that this framework can also be used effectively for
modular meta theoretic reasoning. This paper presents a formalization of
Component-Based Semantics in the theorem prover Coq. It is based on Modular
SOS, a variant of SOS, and makes essential use of dependent types, while
profiting from type classes. This formalization constitutes a contribution
towards modular meta theoretic formalizations in theorem provers. As a small
example, a modular proof of determinism of a mini-language is developed.Comment: In Proceedings SOS 2011, arXiv:1108.279
Towards Merging PlatΩ and PGIP
AbstractThe PGIP protocol is a standard, abstract interface protocol to connect theorem provers with user interfaces. Interaction in PGIP is based on ASCII-text input and a single focus point-of-control, which indicates a linear position in the input that has been checked thus far. This fits many interactive theorem provers whose interaction model stems from command-line interpreters. PlatΩ, on the other hand, is a system with a new protocol tailored to transparently integrate theorem provers into text editors like that support semi-structured XML input files and multiple foci of attention. In this paper we extend the PGIP protocol and middleware broker to support the functionalities provided by PlatΩ and beyond. More specifically, we extend PGIP (i) to support multiple foci in provers; (ii) to display semi-structured documents; (iii) to combine prover updates with user edits; (iv) to support context-sensitive service menus, and (v) to allow multiple displays. As well as supporting , the extended PGIP protocol in principle can support other editors such as OpenOffice, Word 2007 and graph viewers; we hope it will also provide guidance for extending provers to handle multiple foci
A Machine Checked Model of Idempotent MGU Axioms For Lists of Equational Constraints
We present formalized proofs verifying that the first-order unification
algorithm defined over lists of satisfiable constraints generates a most
general unifier (MGU), which also happens to be idempotent. All of our proofs
have been formalized in the Coq theorem prover. Our proofs show that finite
maps produced by the unification algorithm provide a model of the axioms
characterizing idempotent MGUs of lists of constraints. The axioms that serve
as the basis for our verification are derived from a standard set by extending
them to lists of constraints. For us, constraints are equalities between terms
in the language of simple types. Substitutions are formally modeled as finite
maps using the Coq library Coq.FSets.FMapInterface. Coq's method of functional
induction is the main proof technique used in proving many of the axioms.Comment: In Proceedings UNIF 2010, arXiv:1012.455
Applying SMT Solvers to the Test Template Framework
The Test Template Framework (TTF) is a model-based testing method for the Z
notation. In the TTF, test cases are generated from test specifications, which
are predicates written in Z. In turn, the Z notation is based on first-order
logic with equality and Zermelo-Fraenkel set theory. In this way, a test case
is a witness satisfying a formula in that theory. Satisfiability Modulo Theory
(SMT) solvers are software tools that decide the satisfiability of arbitrary
formulas in a large number of built-in logical theories and their combination.
In this paper, we present the first results of applying two SMT solvers, Yices
and CVC3, as the engines to find test cases from TTF's test specifications. In
doing so, shallow embeddings of a significant portion of the Z notation into
the input languages of Yices and CVC3 are provided, given that they do not
directly support Zermelo-Fraenkel set theory as defined in Z. Finally, the
results of applying these embeddings to a number of test specifications of
eight cases studies are analysed.Comment: In Proceedings MBT 2012, arXiv:1202.582
A coinductive semantics of the Unlimited Register Machine
We exploit (co)inductive specifications and proofs to approach the evaluation of low-level programs for the Unlimited Register Machine (URM) within the Coq system, a proof assistant based on the Calculus of (Co)Inductive Constructions type theory. Our formalization allows us to certify the implementation of partial functions, thus it can be regarded as a first step towards the development of a workbench for the formal analysis and verification of both converging and diverging computations