Formal verification of a C compiler front-end, 2006
This paper presents the formal verification of a compiler front-end that translates a subset of the C language into the Cminor intermediate language. The semantics of the source and target languages as well as the translation between them have been written in the specification language of the Coq proof assistant. The proof of observational semantic equivalence between the source and generated code has been machine-checked using Coq. An executable compiler was obtained by automatic extraction of executable Caml code from the Coq specification of the translator, combined with a certified compiler back-end generating PowerPC assembly code from Cminor, described in previous work.

CoreASM: An extensible ASM execution engine. Proc. of the 12th Int'l Workshop on Abstract State Machines, 2005
In this paper we introduce a new research effort in making abstract state machines executable. The aim is to specify and implement an execution engine for a language that is as close as possible to the mathematical definition of pure ASM. The paper presents the general architecture of the engine, together with a high-level description of the extensibility mechanisms that are used by the engine to accommodate arbitrary backgrounds, scheduling policies, and new rule forms.

An ASM specification of C# threads and the .NET memory model
We present a high-level Abstract State Machine model of C# threads and the .NET memory model. We focus on purely managed, fully portable threading features of C#. The sequential model interleaves the computation steps of the currently running threads and is suitable for uniprocessors. The parallel model addresses problems of true concurrency on multiprocessor systems. The models provide a sound basis for the development of multi-threaded applications in C#. The thread and memory models complete the abstract operational semantics of C# in [2].

Reasoning about Function Objects, 2009
Modern object-oriented languages support higher-order implementations through function objects such as delegates in C#, agents in Eiffel, or function objects in Scala. Function objects bring a new level of abstraction to the object-oriented programming model, and require a comparable extension to specification and verification techniques. We introduce a verification methodology that equips each function object with side-effect free (pure) methods for its pre- and postcondition, respectively. These pure methods can be used to specify client code relative to the contract of the function object. We demonstrate the expressiveness of our approach through several non-trivial examples. It can be combined with any verification technique that supports pure methods, as illustrated by our experiments with Spec#.

Design and Specification of the CoreASM Execution Engine, 2005
... state machines executable. The aim is to specify and implement an execution engine for a language that is as close as possible to the mathematical definition of pure ASM. We present the general architecture of the engine, together with a high-level description of the extensibility mechanisms that are used by the engine to accommodate arbitrary backgrounds, scheduling policies, and new rule forms.

Exploiting abstraction for specification reuse. The Java/C♯ case study. Proc. FMCO'03, LNCS, 2004
From the models provided in [11] and [4] for the semantics of Java and C♯ programs we abstract the mathematical structure that underlies the semantics of both languages. The resulting model reveals the kernel of object-oriented programming language constructs and can be used for teaching them without being bound to a particular language. It also allows us to identify precisely some of the major differences between Java and C♯.

Verifying Smart Card Applications: An ASM Approach, 2006
... State Machines [BS03, Gur95] (ASMs) and a suitable method for verifying security properties of such protocols. The main part of this article describes the structure of the protocol-ASM and all its relevant parts. Integrated in the ASM are all relevant aspects of the scenario: the agents participating in the application (static and dynamic aspects), the attacker, and the possible communication between all those involved in the application. Our modeling technique enables an attacker model exactly tailored to the application under consideration, instead of only an attacker similar to the Dolev-Yao model. We also introduce a proof technique for security properties of the protocols. Properties are proved in the KIV system using symbolic execution and invariants. Our formal approach is exemplified with a small e-commerce application. We use an electronic wallet to demonstrate the ASM-based protocol model, and we also show what the proof obligations for some of the security properties look like.

The ASM Method: a Cornerstone in Computer Science Education. Proc. of the 12th Int'l Workshop on Abstract State Machines (2005) 49–56
The versatility and wide applicability of the Abstract State Machines Method for the design and the analysis of computational systems has not yet been fully exploited for teaching. We suggest using it to introduce basic algorithmic concepts in a succinct and uniform way, which makes the definitions adoptable in traditionally unrelated courses, covering the full range of computing science curricula from computation theory to the engineering of software systems.