From Verified Models to Verifiable Code

Declarative specifications of digital systems often contain parts that can be automatically translated into executable code. Automated code generation may reduce or eliminate the kinds of errors typically introduced through manual code writing. For this approach to be effective, the generated code should be reasonably efficient and, more importantly, verifiable. This paper presents a prototype code generator for the Prototype Verification System (PVS) that translates a subset of PVS functional specifications into an intermediate language and subsequently to multiple target programming languages. Several case studies are presented to illustrate the tool's functionality. The generated code can be analyzed by software verification tools such as verification condition generators, static analyzers, and software model-checkers to increase the confidence that the generated code is correct

Reentrant Readers--Writers: A Case Study Combining Model Checking and Theorem Proving

Contains fulltext : 72239.pdf (publisher's version ) (Open Access)20 p

Chapter 1 Induction and Co-Induction in Sparkle

Abstract: Sparkle is a proof assistant designed for the lazy functional programming language Clean. It is designed to facilitate proofs of first order logical predicates on existing and newly written programs. In order to achieve this it is of the utmost importance that the proof system is easy to use and integrated into the IDE. The implementation of Sparkle only has a basic induction principle so far. For many programs and complex proofs this will not suffice. To address this issue we have expanded Sparkle with several induction and co-induction proof techniques for mutually recursive functions and data types. By providing examples of proofs on programs, taken from various research papers, we show how the programmer can benefit from these added tactics. With our extensions Sparkle can be used to prove properties of a wide class of programs. 1.

Deadlock and Starvation Free Reentrant Readers-Writers -a Case Study Combining Model Checking with Theorem Proving

Abstract The classic readers-writers problem has been extensively studied. This holds to a lesser degree for the reentrant version, where it is allowed to nest locking actions. Such nesting is useful when a library is created with various procedures each starting and ending with a lock operation. Allowing nesting makes it possible for these procedures to call each other. We considered an existing widely used industrial implementation of the reentrant readers-writers problem. Staying close to the original code, we modeled and analyzed it using a model checker resulting in the detection of a serious error: a possible deadlock situation. The model was improved and checked satisfactorily for a fixed number of processes. To achieve a correctness result for an arbitrary number of processes the model was converted to a specification that was proven with a theorem prover. Furthermore, we studied starvation. Using model checking we found a starvation problem. We have fixed the problem and checked the solution. Combining model checking with theorem proving appeared to be very effective in reducing the time of the verification process

Improving model inference in industry by combining active and passive learning

\u3cp\u3eInferring behavioral models (e.g., state machines) of software systems is an important element of re-engineering activities. Model inference techniques can be categorized as active or passive learning, constructing models by (dynamically) interacting with systems or (statically) analyzing traces, respectively. Application of those techniques in the industry is, however, hindered by the trade-off between learning time and completeness achieved (active learning) or by incomplete input logs (passive learning). We investigate the learning time/completeness achieved trade-off of active learning with a pilot study at ASML, provider of lithography systems for the semiconductor industry. To resolve the trade-off we advocate extending active learning with execution logs and passive learning results.We apply the extended approach to eighteen components used in ASML TWINSCAN lithography machines. Compared to traditional active learning, our approach significantly reduces the active learning time. Moreover, it is capable of learning the behavior missed by the traditional active learning approach.\u3c/p\u3

Improving model inference in industry by combining active and passive learning

Inferring behavioral models (e.g., state machines) of software systems is an important element of re-engineering activities. Model inference techniques can be categorized as active or passive learning, constructing models by (dynamically) interacting with systems or (statically) analyzing traces, respectively. Application of those techniques in the industry is, however, hindered by the trade-off between learning time and completeness achieved (active learning) or by incomplete input logs (passive learning). We investigate the learning time/completeness achieved trade-off of active learning with a pilot study at ASML, provider of lithography systems for the semiconductor industry. To resolve the trade-off we advocate extending active learning with execution logs and passive learning results.We apply the extended approach to eighteen components used in ASML TWINSCAN lithography machines. Compared to traditional active learning, our approach significantly reduces the active learning time. Moreover, it is capable of learning the behavior missed by the traditional active learning approach

Deadlock and starvation free reentrant readers-writers: A case study combining model checking with theorem proving

Contains fulltext : 91697.pdf (publisher's version ) (Closed access