Results 1  10
of
10
Machinecode verification for multiple architectures: An application of decompilation into logic
 In Formal Methods in Computer Aided Design (FMCAD
, 2008
"... Abstract — Realistic formal specifications of machine languages for commercial processors consist of thousands of lines of definitions. Current methods support trustworthy proofs of the correctness of programs for one such specification. However, these methods provide little or no support for reusin ..."
Abstract

Cited by 16 (9 self)
 Add to MetaCart
Abstract — Realistic formal specifications of machine languages for commercial processors consist of thousands of lines of definitions. Current methods support trustworthy proofs of the correctness of programs for one such specification. However, these methods provide little or no support for reusing proofs of the same algorithm implemented in different machine languages. We describe an approach, based on proofproducing decompilation, which both makes machinecode verification tractable and supports proof reuse between different languages. We briefly present examples based on detailed models of machine code for ARM, PowerPC and x86. The theories and tools have been implemented in the HOL4 system. I.
A sound semantics for OCamllight
 In: Programming Languages and Systems, 17th European Symposium on Programming, ESOP 2008, Lecture Notes in Computer Science
, 2008
"... Abstract. Few programming languages have a mathematically rigorous definition or metatheory—in part because they are perceived as too large and complex to work with. This paper demonstrates the feasibility of such undertakings: we formalize a substantial portion of the semantics of Objective Caml’s ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
Abstract. Few programming languages have a mathematically rigorous definition or metatheory—in part because they are perceived as too large and complex to work with. This paper demonstrates the feasibility of such undertakings: we formalize a substantial portion of the semantics of Objective Caml’s core language (which had not previously been given a formal semantics), and we develop a mechanized type soundness proof in HOL. We also develop an executable version of the operational semantics, verify that it coincides with our semantic definition, and use it to test conformance between the semantics and the OCaml implementation. We intend our semantics to be a suitable substrate for the verification of OCaml programs. 1 Mechanizing Metatheory Researchers in programming languages and program verification routinely develop their ideas in the context of core calculi and idealized models. The advantage of the core calculus approach comes from the efficacy of pencilandpaper mathematics, both for specification and proof; however, these techniques do not scale well. Usable programming
Interactive, Scalable, Declarative Program Analysis: From Prototype to Implementation
, 2007
"... Static analyses provide the semantic foundation for tools ranging from optimizing compilers to refactoring browsers and advanced debuggers. Unfortunately, developing new analysis specifications and implementations is often difficult and errorprone. Since analysis specifications are generally writte ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
Static analyses provide the semantic foundation for tools ranging from optimizing compilers to refactoring browsers and advanced debuggers. Unfortunately, developing new analysis specifications and implementations is often difficult and errorprone. Since analysis specifications are generally written in a declarative style, logic programming presents an attractive model for producing executable specifications of analyses. However, prior work on using logic programming for program analysis has focused exclusively on solving constraints derived from program texts by an external preprocessor. In this paper, we present DIMPLE, an analysis framework for Java bytecodes implemented in the Yap Prolog system [8]. DIMPLE provides both a representation of Java bytecodes in a database of relations and a declarative domainspecific language for specifying new analyses as queries over this database. DIMPLE thus enables researchers to use logic programming for every step of the analysis development process, from specification to prototype to implementation. We demonstrate that our approach facilitates rapid prototyping of new program analyses and produces executable analysis implementations that are speedcompetitive with specialized analysis toolkits.
Verifying distributed systems: the operational approach
, 2009
"... This work develops an integrated approach to the verification of behaviourally rich programs, founded directly on operational semantics. The power of the approach is demonstrated with a stateoftheart verification of a core piece of distributed infrastructure, involving networking, a filesystem, an ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
This work develops an integrated approach to the verification of behaviourally rich programs, founded directly on operational semantics. The power of the approach is demonstrated with a stateoftheart verification of a core piece of distributed infrastructure, involving networking, a filesystem, and concurrent OCaml code. The formalization is in higherorder logic and proof support is provided by the HOL4 theorem prover. Difficult verification problems demand a wide range of techniques. Here these include ground and symbolic evaluation, local reasoning, separation, invariants, Hoarestyle assertional reasoning, rely/guarantee, inductive reasoning about protocol correctness, multiple refinement, and linearizability. While each of these techniques is useful in isolation, they are even more so in combination. The first contribution of this paper is to present the operational approach and describe how existing techniques, including all those mentioned above, may be cleanly and precisely integrated in this setting. The second contribution is to show how to combine verifications of individual library functions with arbitrary and unknown user code in a compositional manner, focusing on the problems of private state and encapsulation. The third contribution is the example verification itself. The infrastructure must behave correctly under arbitrary patterns of host and network failure, whilst for performance reasons the code also includes data races on shared state. Both features make the verification particularly challenging.
A mechanical analysis of program verification strategies
 Journal of Automated Reasoning
, 2008
"... Abstract. We analyze three proof strategies commonly used in deductive verification of deterministic sequential programs formalized with operational semantics. The strategies are: (i) stepwise invariants, (ii) clock functions, and (iii) inductive assertions. We show how to formalize the strategies i ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. We analyze three proof strategies commonly used in deductive verification of deterministic sequential programs formalized with operational semantics. The strategies are: (i) stepwise invariants, (ii) clock functions, and (iii) inductive assertions. We show how to formalize the strategies in the logic of the ACL2 theorem prover. Based on our formalization, we prove that each strategy is both sound and complete. The completeness result implies that given any proof of correctness of a sequential program one can derive a proof in each of the above strategies. The soundness and completeness theorems have been mechanically checked with ACL2.
Using Theorem Proving and Algorithmic Decision Procedures for LargeScale System Verification
, 2005
"... To the few people who believed I could do it even when I myself didn’t Acknowledgments This dissertation has been shaped by many people, including my teachers, collaborators, friends, and family. I would like to take this opportunity to acknowledge the influence they have had in my development as a ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
To the few people who believed I could do it even when I myself didn’t Acknowledgments This dissertation has been shaped by many people, including my teachers, collaborators, friends, and family. I would like to take this opportunity to acknowledge the influence they have had in my development as a person and as a scientist. First and foremost, I wish to thank my advisor J Strother Moore. J is an amazing advisor, a marvellous collaborator, an insightful researcher, an empathetic teacher, and a truly great human being. He gave me just the right balance of freedom, encouragement, and direction to guide the course of this research. My stimulating discussions with him made the act of research an experience of pure enjoyment, and helped pull me out of many low ebbs. At one point I used to believe that whenever I was stuck with a problem one meeting with J would get me back on track. Furthermore, my times together with J and Jo during Thanksgivings and other occasions always made me feel part of his family. There was no problem, technical or otherwise, that I could not discuss with J, and there was no time when
ACL2VHDL Translator: A Simple Approach to Fill the Semantic Gap
"... Abstract. We wrote an ACL2 to VHDL translator for our verification purpose. One major problem of translation between programming languages and the ACL2 language is the semantic gap caused by the translation; it is not easy to translate one language to another while precisely preserving its semantics ..."
Abstract
 Add to MetaCart
Abstract. We wrote an ACL2 to VHDL translator for our verification purpose. One major problem of translation between programming languages and the ACL2 language is the semantic gap caused by the translation; it is not easy to translate one language to another while precisely preserving its semantics. Our approach is to write a translator for a small subset of the ACL2 language for which there is no loss of semantic correctness. This seemingly restricted translator turned out to be a promising approach for combining ACL2 and VHDL testing/verification tools. This paper discusses the details of the translator and the bitvector libraries used in the translatable ACL2 functions. 1
A Trustworthy, Extensible Theorem Prover Ph.D. Dissertation Proposal
"... 2.1 Formal verification........................ 3 2.2 Our choice of logic........................ 4 ..."
Abstract
 Add to MetaCart
2.1 Formal verification........................ 3 2.2 Our choice of logic........................ 4
Mechanized Operational Semantics: The M Story
"... In this paper we explain how to formalize an “operational” or “statetransition” semantics of a von Neumann programming language in a functional programming language. By adopting an “interpretive” style, one can execute the model in the functional language to “run” programs in the von Neumann langua ..."
Abstract
 Add to MetaCart
In this paper we explain how to formalize an “operational” or “statetransition” semantics of a von Neumann programming language in a functional programming language. By adopting an “interpretive” style, one can execute the model in the functional language to “run” programs in the von Neumann language. Given the ability to reason about the functional language, one can use the model to reason about programs in the von Neumann language. In theory at least, such a formal semantics thus has a dual use: as a simulation engine and as an axiomatic basis for code proofs. The beauty of this approach is that no more logical machinery is needed than to support execution and proof in a functional language: no new program logics and no new metalogical tools like “verification condition generators” are needed. In this paper we will illustrate the techniques by formalizing a simple programming language called “M1,” for “Machine (or Model) 1.” It is loosely based on the Java Virtual Machine but has been simplified for pedagogical purposes. We will demonstrate the executability of M1 models. We will develop several styles of code proofs, including direct (symbolic simulation) proofs based on BoyerMoore “clock functions” and FloydHoare inductive assertion proofs. We construct proofs only for the the simplest of programs, namely an iterative factorial example. But to illustrate a more realistic use of the model, we discuss the correctness proof for an M1 implementation of the BoyerMoore fast string searching algorithm. We also define a compiler for a higher level language called “J1” and show how to do proofs about J1 code without benefit of a formal semantics for that code. Throughout we use the ACL2 logic and theorem proving system.
A Semantics of Python in Isabelle/HOL
, 2008
"... As computers are deployed in increasingly diverse, numerous, and critical roles, the need for confidence in their hardware and software becomes more acute. Often, however, computer technologies, such as programming languages, lack a sufficiently formal definition to allow rigorous mathematical analy ..."
Abstract
 Add to MetaCart
As computers are deployed in increasingly diverse, numerous, and critical roles, the need for confidence in their hardware and software becomes more acute. Often, however, computer technologies, such as programming languages, lack a sufficiently formal definition to allow rigorous mathematical analysis of their properties. Even in cases where a formal definition is available, the theorems to be proven and the definition itself tend to have many cases and many details that are easily overlooked when writing a proof by hand. This has created interest in the mechanization of the proof process through the use of automated proof assistants. In this report, we develop a formal definition for a programming language called IntegerPython, which is a subset of the Python language that supports integers, booleans, global variables, loops, modules, and nested functions. The definition takes the form of an operational semantics on a CEKS machine, which we embed in the Isabelle/HOL mechanized logic. We then prove an invariant of the CEKS machine in Isabelle/HOL. The report concludes with strategies for the efficient, executable implementation of the IntegerPython semantics and its extension into a semantics of