Results 1 - 10 of 13
Compiler Correctness and Implementation Verification: The Verifix Approach
, 1996
Cited by 18 (6 self)
Compiler correctness is crucial to the software engineering of safety critical software. It depends on both the correctness of the compiling specification and the correctness of the compiler implementation. We will discuss compiler correctness for practically relevant source languages and target machines in order to find an adequate correctness notion for the compiling specification, i.e. for the mapping from source to target programs with respect to their standard semantics, which allows for proving both specification and implementation correctness. We will sketch our approach of proving the correctness of the compiler implementation as a binary machine program, using a special technique of bootstrapping and double checking the results. We will discuss mechanical proof support for both compiling verification and compiler implementation verification in order to make them feasible parts of the software engineering of correct compilers. Verifix is a joint project on Correct Compilers fun...
Inference rules for programming languages with side effects in expressions
 In International Conference on Theorem Proving in Higher Order Logics
, 1996
Cited by 15 (2 self)
Much of the work on verifying software has been done on simple, often artificial, languages or subsets of existing languages to avoid difficult details. In trying to verify a secure application written in C, we have encountered and overcome some semantically complicated uses of the language. We present inference rules for assignment statements with pre- and post-evaluation side effects and while loops with arbitrary pre-evaluation side effects in the test expression. We also discuss the need to abstract the semantics of program functions and present an inference rule for abstraction.
Specification, Verification and Prototyping of an Optimized Compiler
, 1994
Cited by 12 (4 self)
This paper generalizes an algebraic method for the design of a correct compiler to tackle specification and verification of an optimized compiler. The main optimization issues of concern here include the use of existing contents of registers where possible and the identification of common expressions. A register table is introduced in the compiling specification predicates to map each register to an expression whose value is held by it. We define different kinds of predicates to specify compilation of programs, expressions and Boolean tests. A set of theorems relating to these predicates, acting as a correct compiling specification, are presented and an example proof within the refinement algebra of the programming language is given. Based on these theorems, a prototype compiler in Prolog is produced.
Axiomatic Semantics Verification of a Secure Web Server
, 1998
Cited by 4 (1 self)
We formally verify that a particular web server written in C is secure, that is, a remote user cannot get files he shouldn't or change the server's files. Although the code was thoroughly reviewed and tested, the verification located some heretofore unknown behavioral weaknesses. To verify this code, we invented new inference rules for reasoning about expressions with side effects, which occur often in C. We also formalized aspects of Unix file systems and processes, operating system and library calls, parts of the C language, and security properties. We propose an architecture for a software verification system which could be widely useful, and argue that our proof demonstrates that real world software written in real world languages can be verified.
A Hierarchical Method for Reasoning about Distributed Programming Languages
 In Proceedings of the 1995 International Workshop on Higher Order Logic Theorem Proving and its Applications
, 1995
Cited by 4 (1 self)
This paper presents a technique for specifying and reasoning about the operational semantics of distributed programming languages. We formalize the concept of "vertical stacking" of distributed systems, an extension of Joyce's, Windley's and Curzon's stacking methodologies for sequential systems and of the CLI "short stack" which stacks interpreters for object code, assembly code, and a high-level sequential language. We use a state transition model to account for the issues of atomicity, concurrency and nondeterminism at all levels in our stack. A correctness definition is given, which for each pair of adjacent language semantics and mappings between them, produces proof obligations corresponding to the correctness of the language implementation. We present an application of the method to a two-level stack: the microSR distributed programming language and a multiprocessor instruction set, which is the target language for a compiler for microSR. We also present the development of a ...
Towards Machine-checked Compiler Correctness for Higher-order Pure Functional Languages
 CSL '94, European Association for Computer Science Logic, Springer LNCS
, 1994
Cited by 4 (1 self)
In this paper we show that the critical part of a correctness proof for implementations of higher-order functional languages is amenable to machine-assisted proof. An extended version of the lambda-calculus is considered, and the congruence between its direct and continuation semantics is proved. The proof has been constructed with the help of a generic theorem prover - Isabelle. The major part of the problem lies in establishing the existence of predicates which describe the congruence. This has been solved using Milne's inclusive predicate strategy [5]. The most important intermediate results and the main theorem as derived by Isabelle are quoted in the paper. Keywords: Compiler Correctness, Theorem Prover, Congruence Proof, Denotational Semantics, Lambda Calculus 1 Introduction Much of the work done previously in compiler correctness concerns restricted subsets of imperative languages. Some studies involve machine-checked correctness, e.g. Cohn [1], [2]. A lot of research h...
Experiences with Proof in a Formal Development
 Proceedings of 1st International Conference on B, Institut de Recherche en Informatique de
, 1996
Cited by 3 (3 self)
This paper describes an investigation into the proof facilities within the B-Toolkit based on a study of the specification and refinement of low level code in the control systems domain. We describe the problems we encountered and some means by which these problems can be tackled within the existing framework. We conclude with some more general guidelines by which the proof facilities could be enhanced to improve the effectiveness of the provers for industrial scale verification of formal developments. 1 Introduction Formal development has been advocated for use in industrial control systems design, especially for safety-critical applications. Formal proof is an important source of confidence in such developments. However, it is perceived as an expensive and highly specialised task. If the full benefit of the formal approach is to be attained, the development of viable methods to aid the production of proofs is essential. In a reference to programming, Kowalski [13] coined a fam...
A Mathematically Precise Two-Level Formal Hardware Verification Methodology
, 1992
Cited by 3 (1 self)
Theorem-proving and symbolic trajectory evaluation are both described as methods for the formal verification of hardware. They are both used to achieve a common goal, correctly designed hardware, and both are intended to be an alternative to conventional methods based on non-exhaustive simulation. However, they have different strengths and weaknesses. The main significance of this paper is the description of a two-level approach to formal hardware verification, where the HOL theorem prover is combined with the Voss verification system. From symbolic trajectory evaluation we inherit a high degree of automation and accurate models of circuit behavior and timing. From interactive theorem-proving we gain access to powerful mathematical tools such as induction and abstraction. The interface between the HOL and Voss is, however, more than just an ad hoc translation of verification results obtained by one tool into input for the other tool. We have developed a "mathematical" inte...
Towards Verified Systems
, 1994
Cited by 3 (2 self)
This book presents some results of research into techniques to aid the formal verification of mixed hardware/software systems.
The Importance of Proof Maintenance and Reengineering
 In Proc. Int. Workshop on Higher Order Logic Theorem Proving and Its Applications
, 1995
Cited by 1 (0 self)
Our work on the verification of real hardware designs using HOL has resulted in very large proof scripts. Consequently, problems were encountered that are not an issue in smaller verification efforts. In particular, we have found that the maintainability of proofs is of paramount importance. There are many reasons why proof scripts in LCF style theorem provers may be reused. This can be in order to maintain and understand old proofs as well as to speed the creation of new ones. Consequently, proofs should be written in styles that ease their maintainability and make them easier to reuse. Furthermore, proof tools and interfaces should be designed with proof reuse as well as proof creation in mind. Many of the problems could be prevented from occurring in the first place with suitable support. 1 Introduction The recent Fairisle switching fabric verification project [3] entailed using HOL [5] to verify real hardware designs. The resulting proofs consist of several hundred theories, the s...