Results 1  10
of
11
A Sound and Complete Program Logic for Eiffel
"... Objectoriented languages provide advantages such as reuse and modularity, but they also raise new challenges for program verification. Program logics have been developed for languages such as C# and Java. However, these logics do not cover the specifics of the Eiffel language. This paper presents ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
(Show Context)
Objectoriented languages provide advantages such as reuse and modularity, but they also raise new challenges for program verification. Program logics have been developed for languages such as C# and Java. However, these logics do not cover the specifics of the Eiffel language. This paper presents a program logic for Eiffel that handles exceptions, once routines, and multiple inheritance. The logic is proven sound and complete w.r.t. an operational semantics. Lessons on language design learned from the experience are discussed.
Automatic verification of advanced objectoriented features: The AutoProof approach
 In LASER Tools for Practical Software Verification, volume 7682 of LNCS
, 2012
"... Abstract. Static program verifiers such as Spec#, Dafny, jStar, and VeriFast define the state of the art in automated functional verification techniques. The next open challenges are to make verification tools usable even by programmers not fluent in formal techniques. This paper discusses some tech ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Static program verifiers such as Spec#, Dafny, jStar, and VeriFast define the state of the art in automated functional verification techniques. The next open challenges are to make verification tools usable even by programmers not fluent in formal techniques. This paper discusses some techniques used in AutoProof, a verification tool that translates Eiffel programs to Boogie and uses the Boogie verifier to prove them. In an effort to be usable with real programs, AutoProof fully supports several advanced objectoriented features including polymorphism, inheritance, and function objects. AutoProof also adopts simple strategies to reduce the amount of annotations needed when verifying programs (e.g., frame conditions). The paper illustrates the main features of AutoProof’s translation, including some whose implementation is underway, and demonstrates them with examples and a case study. 1 Usable Verification Tools It is hard to overstate the importance of tools for software verification: tools
Integrating ProofTransforming Compilation into EiffelStudio
, 2008
"... Compilation from Eiffel to CIL 6 2.1 Background on the logic for Eiffel and the logic for CIL Bytecode.. 6 ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Compilation from Eiffel to CIL 6 2.1 Background on the logic for Eiffel and the logic for CIL Bytecode.. 6
Certificates and Separation Logic
"... Abstract. Modular and local reasoning about objectoriented programs has been widely studied for programing languages such as C # and Java. Once source programs have been proven, the next verification challenge is to ensure that the code produced by the compiler is correct. Since verifying a compile ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Modular and local reasoning about objectoriented programs has been widely studied for programing languages such as C # and Java. Once source programs have been proven, the next verification challenge is to ensure that the code produced by the compiler is correct. Since verifying a compiler can be extremely complex, this paper uses prooftransforming compilation, an alternative approach which automatically generates certificates, a bytecode proof, from proofs in the source language. The paper develops a bytecode logic using separation logic, and proof translation from proofs of objectoriented programs to bytecode. The translation also handles proofs for concurrent programs. The bytecode logic and the proof transformation are proven sound.
Supervised by:
"... Correctness of software systems can be proven by using static verification techniques. Static verifiers such as Spec # and ESC/Java have been developed for objectoriented languages. These verifiers have shown that static verification can be applied to objectoriented languages such as C # and Java. ..."
Abstract
 Add to MetaCart
(Show Context)
Correctness of software systems can be proven by using static verification techniques. Static verifiers such as Spec # and ESC/Java have been developed for objectoriented languages. These verifiers have shown that static verification can be applied to objectoriented languages such as C # and Java. However, these verifiers are not easy to use, as they introduce many new concepts that programmers have to learn. To apply these verifiers to a real project, one has to modify existing code by adding contracts and annotations such as pure method marks or ownership information. Eiffel supports Design by Contract. Current libraries and programs are therefore already annotated with contracts. The goal of this thesis is to develop an automatic verifier for Eiffel which can prove existing code without the need of further annotations. The main features supported by the tool are agents and dynamic invocation. The tool, called EVE Proofs, translates Eiffel programs to Boogie and runs a fully automatic theorem prover to check correctness of the code. EVE Proofs is integrated
Overview
"... ProofCarrying Components (PCC) are a form of trusted components, for which the guarantee of quality is perhaps the strongest one possible: a mathematical proof, machinecheckable, that the component satisfies specific properties, known as the contract for the component. These properties can be more ..."
Abstract
 Add to MetaCart
(Show Context)
ProofCarrying Components (PCC) are a form of trusted components, for which the guarantee of quality is perhaps the strongest one possible: a mathematical proof, machinecheckable, that the component satisfies specific properties, known as the contract for the component. These properties can be more or less extensive: they might characterize all that's interesting about the component's behavior, or just some specific aspects, such as absence of "nullpointer dereferencing " or other runtime failures. ProofCarrying Components can be automatically generated using ProofTransforming Compilers [4, 5, 6]. PTCs are similar to certifying compilers in PCC, but take a source proof as input and produce the bytecode proof. An important property of ProofTransforming Compilers is that they do not have to be trusted. If the compiler produces a wrong specification or a wrong proof for a component, the proof checker will reject the component. To show the feasibility of ProofTransforming Compilers, Nordio, Karahan, Guex and Hess [7,8,9] have implemented a PTC for a subset of Eiffel. The compiler takes a proof of an Eiffel program in XML format and produces the bytecode proof. However, the bytecode proof produced as result is not embedded in any theorem prover. This project consists of embedding the ProofCarrying Components into Isabelle. The components are automatically generated by the PTC. The compiler produces an AST of the component. The goal of this project is embedding the component into Isabelle. Scope of the work This project will develop a translator for ProofCarrying Components to Isabelle. The task consists of embedding boolean expressions and CIL instruction into Isabelle. Boolean expressions are used to express both contracts and prepostcondition of the proof. The formal grammar is the following: datatype EiffelContract = Requires boolExpr  ensures boolExpr datatype boolExpr = Const bool  Neg boolExpr  And boolExpr boolExpr  Or boolExpr boolExpr  AndThen boolExpr boolExpr  OrElse boolExpr boolExpr
Overview
, 2008
"... A prooftransforming compiler is a compiler that takes a source proof as input and produces a bytecode proof. This project consists of the development of a prooftransforming compiler for Eiffel contracts. The compiler takes a source proof with contracts and produces a bytecode proof and its CIL con ..."
Abstract
 Add to MetaCart
A prooftransforming compiler is a compiler that takes a source proof as input and produces a bytecode proof. This project consists of the development of a prooftransforming compiler for Eiffel contracts. The compiler takes a source proof with contracts and produces a bytecode proof and its CIL contract. The proof translation will be done using the compiler implemented in [4]. Scope of the work The work consists of the implementation of a contract translation. The input of the compiler is a source proof and contracts written in the XML format. In a first step, a parser for the source proof will be implemented. The parser will produce an AST. The design of the XML schema and the AST is presented in [4]. They will be extended to handle contracts. In a second step, contracts will be parsed generating an AST. The AST will be designed to model the complete contract [3]. The formal grammar of the considered contract language is the following: datatype EiffelContract = Requires_ensures boolExpr datatype boolExpr = Const bool  Neg boolExpr  And boolExpr boolExpr  Or boolExpr boolExpr  AndThen boolExpr boolExpr  OrElse boolExpr boolExpr
Overview
, 2010
"... As the emerged threaten caused by unsafe execution of mobile code, ProofCarrying Code (PCC) was adopted to establish “trust ” between the code producer and consumer. In PCC, the code producer generates a formal proof automatically by Certifying compiler which indicates the code’s adherence to the s ..."
Abstract
 Add to MetaCart
(Show Context)
As the emerged threaten caused by unsafe execution of mobile code, ProofCarrying Code (PCC) was adopted to establish “trust ” between the code producer and consumer. In PCC, the code producer generates a formal proof automatically by Certifying compiler which indicates the code’s adherence to the security properties specified by the code consumer. Proof Transforming Compilers (PTC)[3,4] is a similar approach to Certifying compiler in PCC, but take a source proof as input and produce the bytecode proof, and with interactive source code verification compared to Certifying compiler, more complex properties can be handled. In order to simplify the translation from source proof to the bytecode level, they presented a Hoare style logic for bytecode similar with the source code logic, proof transformation was formalized and soundness result was proved in their works. Separation logic[5] is an extension to Hoare logic that permits reasoning about shared mutable heap structures, and it has been utilized to modular reasoning in object oriented languages in many works[6,7]. In order to automatically translate source code proof to bytecode logic by PTC, a separation logic for bytecode is needed. This project consists of the separation logic for bytecode, and the translation from source to bytecode level. Scope of the work This project will develop a proof transformation for separation logic from source to bytecode level, the task of this project consists of developing separation logic for CIL/java bytecode, and the proof transformation from the source separation logic to the bytecode separation logic. Intended results The result will be a bytecode logic using separation logic, and proof translation functions which takes the source code proof and translates it to the bytecode level.
Embedding ProofCarrying . . .
"... The execution of mobile code can produce unexpected behaviour which may compromise security and correctness of a software system. ProofCarrying Components are a way to overcome this problem. ProofCarrying Components carry a mathematical proof showing that the component satisfies certain properties ..."
Abstract
 Add to MetaCart
The execution of mobile code can produce unexpected behaviour which may compromise security and correctness of a software system. ProofCarrying Components are a way to overcome this problem. ProofCarrying Components carry a mathematical proof showing that the component satisfies certain properties, known as the contract of the component. A code consumer can check the mathematical proof attached to the component before executing the mobile code. In this way, the consumer can make sure in advance that the mobile code will be executed in a safe way. ProofCarrying Components can be automatically generated using ProofTransforming Compilers. ProofTransforming Compilers are compilers that take a source proof with contracts as input and produce a bytecode proof and its contract as output. An important property of ProofTransforming Compilers is that they do not have to be trusted. If a ProofTransforming Compiler produces a wrong specification or a wrong proof for a component, the proof checker of the code consumer will reject the component. In this Master thesis, we show how a bytecode proof produced as output of a ProofTransforming Compiler can be embedded in a theorem prover. We have embedded the ProofCarrying Components into Isabelle, using shallow embedding for the component contracts and a deep embedding for the bytecode instructions. To show that a component satisfies its contract, the generator produces a proof script. We have optimized this proof script and the measurements show that proofs are checked at least twice as fast compared to the nonoptimized proof script. The embedding has been integrated into a Proof