A Mechanically Verified Language Implementation
- Journal of Automated Reasoning
, 1989
Cited by 46 (2 self)
This paper briefly describes a programming language, its implementation on a microprocessor via a compiler and link-assembler, and the mechanically checked proof of the correctness of the implementation. The programming language, called Piton, is a high-level assembly language designed for verified applications and as the target language for high-level language compilers. It provides execute-only programs, recursive subroutine call and return, stack-based parameter passing, local variables, global variables and arrays, a user-visible stack for intermediate results, and seven abstract data types including integers, data addresses, program addresses and subroutine names. Piton is formally specified by an interpreter written for it in the computational logic of Boyer and Moore. Piton has been implemented on the FM8502, a general-purpose microprocessor whose gate-level design has been mechanically proved to implement its machine-code interpreter. The FM8502 implementation of Piton is via a function in the Boyer-Moore logic which maps a Piton initial state into an FM8502 binary core image. The compiler and link-assembler are all defined as functions in the logic. The implementation requires approximately 36K bytes and 1,400 lines of prettyprinted source code in the Pure Lisp-like syntax of the logic. The implementation has been mechanically proved correct. In particular, if a Piton state can be run to completion without error, then the final values of all the global data structures can be ascertained from an inspection of an FM8502 core image obtained by running the core image produced by the compiler and link-assembler.
Thus, verified Piton programs running on FM8502 can be thought of as having been verified down to the gate level.
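The correctness statement in the abstract above (if the source-level run completes without error, the final globals can be read off the machine core image) is the shape of every verified-compiler theorem: run the source interpreter, run the compiled code on the machine interpreter, and the two views of the global data agree. The following is an added illustration of that shape only; it is not Piton, not the FM8502, and not code from the paper or the Boyer-Moore logic. The stack language, the accumulator machine, its opcodes, the memory layout (globals at fixed linked addresses, stack above them) and the example program are all assumptions constructed for this example. The error case matters: when the source run raises, the theorem's hypothesis is not met and nothing is promised about the machine run, so the checker reports that rather than a verdict.

```python
from dataclasses import dataclass

# Source language (constructed for this example): a stack machine with named
# globals. Instructions are tuples:
#   ("push", n)  ("add",)  ("mul",)  ("load", name)  ("store", name)


class SourceError(Exception):
    """The source-level run did not complete without error."""


def run_source(program, globals_init):
    """Reference interpreter: returns the final global environment."""
    env = dict(globals_init)
    stack = []
    for instr in program:
        op = instr[0]
        if op == "push":
            stack.append(instr[1])
        elif op in ("add", "mul"):
            if len(stack) < 2:
                raise SourceError("stack underflow")
            b, a = stack.pop(), stack.pop()
            stack.append(a + b if op == "add" else a * b)
        elif op == "load":
            if instr[1] not in env:
                raise SourceError(f"unbound global {instr[1]}")
            stack.append(env[instr[1]])
        elif op == "store":
            if not stack:
                raise SourceError("stack underflow")
            env[instr[1]] = stack.pop()
        else:
            raise SourceError(f"unknown instruction {op}")
    return env


# Target machine (constructed): flat word memory, globals at fixed addresses
# chosen by the link step, stack region above them, no bounds checks at all.
OPCODES = {"push": 0, "add": 1, "mul": 2, "load": 3, "store": 4, "halt": 5}
STACK_BASE = 16
MEM_WORDS = 64


@dataclass
class CoreImage:
    code: list      # (opcode, operand) pairs
    layout: dict    # global name -> memory address fixed by the linker


def compile_and_link(program, global_names):
    """Compiler + link-assembler: fixes global addresses, emits machine code."""
    layout = {name: addr for addr, name in enumerate(global_names)}
    code = []
    for instr in program:
        op = instr[0]
        if op in ("load", "store"):
            operand = layout[instr[1]]      # resolve the name to its address
        elif op == "push":
            operand = instr[1]
        else:
            operand = 0
        code.append((OPCODES[op], operand))
    code.append((OPCODES["halt"], 0))
    return CoreImage(code=code, layout=layout)


def run_machine(image, globals_init):
    """Machine-level interpreter: returns the final memory (the core image)."""
    mem = [0] * MEM_WORDS
    for name, value in globals_init.items():
        mem[image.layout[name]] = value
    sp, pc = STACK_BASE, 0
    while True:
        opcode, operand = image.code[pc]
        pc += 1
        if opcode == OPCODES["push"]:
            mem[sp] = operand
            sp += 1
        elif opcode in (OPCODES["add"], OPCODES["mul"]):
            sp -= 2                         # an underflow silently reads globals
            a, b = mem[sp], mem[sp + 1]
            mem[sp] = a + b if opcode == OPCODES["add"] else a * b
            sp += 1
        elif opcode == OPCODES["load"]:
            mem[sp] = mem[operand]
            sp += 1
        elif opcode == OPCODES["store"]:
            sp -= 1
            mem[operand] = mem[sp]
        else:                               # halt
            return mem


def read_globals(image, mem):
    """Inspect the core image: recover each global from its linked address."""
    return {name: mem[addr] for name, addr in image.layout.items()}


def check_correctness(program, global_names, globals_init):
    """One instance of the theorem. Returns None when the hypothesis fails
    (the source run raised), otherwise whether the two global views agree."""
    try:
        expected = run_source(program, globals_init)
    except SourceError:
        return None
    image = compile_and_link(program, global_names)
    return read_globals(image, run_machine(image, globals_init)) == expected


# Constructed example program: x = (a + 2) * b ; y = x + a
EXAMPLE_PROGRAM = [
    ("load", "a"), ("push", 2), ("add",), ("load", "b"), ("mul",), ("store", "x"),
    ("load", "x"), ("load", "a"), ("add",), ("store", "y"),
]

if __name__ == "__main__":
    print(check_correctness(EXAMPLE_PROGRAM, ["a", "b", "x", "y"], {"a": 3, "b": 4}))
    print(check_correctness([("add",)], ["a"], {"a": 1}))
```

The difference between this check and the paper's result is the quantifier: the Piton proof establishes the agreement for all programs by mechanised proof in the logic, while a checker like this one can only exercise individual programs. The `None` branch is the practical reminder that a verified compiler says nothing about a source program that faults, which is why the abstract restricts the theorem to runs that complete without error.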
A Tool for Developing Correct Programs By Refinement
- PROC. BCS 7TH REFINEMENT WORKSHOP
, 1996
Cited by 13 (4 self)
The refinement calculus for the development of programs from specifications is well suited to mechanised support. We review the requirements for tool support of refinement as gleaned from our experience with a number of existing refinement tools, and report on the design and implementation of a new tool to support refinement based on these requirements. The main features of the new tool are close integration of refinement and proof in a single tool (the same mechanism is used for both), good management of the refinement context, an extensible theory base that allows the tool to be adapted to new application domains, and a flexible user interface.
Creating Specifications from Code: Reverse-Engineering Techniques
- Journal of Software Maintenance: Research and Practice
, 1991
Cited by 11 (0 self)
Reverse-engineering application codes back to the design and specification stage may entail the recreation of lost information for an application, or the extraction of new information. We describe techniques which produce abstractions in object-oriented and functional notations, thus aiding the comprehension of the essential structure and operations of the application, and providing formal design information which may make the code much more maintainable and certainly more respectable. The two types of application considered here are (1) data processing applications written in Cobol, of primary importance due to their predominance in present computing practice, and (2) scientific applications written in Fortran. These two require somewhat different abstraction approaches.
1 Introduction. The Programming Research Group at Oxford University is participating in the ESPRIT II project REDO on the Maintenance, Validation and Documentation of Software Systems. As part of this proje...
On the Automatic Discovery of Loop Invariants
, 1997
Cited by 10 (4 self)
We present a technique for automating the discovery of loop invariants based upon the analysis of failed proof attempts. Previously we have shown how failure analysis may be used productively in the search for inductive proofs. This work had direct application to the verification of functional programs. Here we show how these ideas can also play an important role in the formal verification of imperative programs. While presented as an automatic technique we believe that our approach may be easily integrated within an interactive proof environment.
A Compendium of Formal Techniques for Software Maintenance
- IEE/BCS SOFTWARE ENGINEERING JOURNAL
, 1993
Cited by 9 (3 self)
Software maintenance is an important area in practical software engineering that has been largely overlooked by many theoretical computer scientists. This paper gives an overview of some formal techniques that have been developed recently to aid the software maintenance process, and in particular reverse engineering and re-engineering. It is suggested that in the future specifications rather than programs should be maintained. The work described provides a mathematical basis for a large collaborative project that has been investigating many other aspects of software maintenance as well.
A Template-Based Approach to Construction of Verified Software
, 1996
Cited by 8 (7 self)
This paper outlines a new approach to construction and verification of software, developed in response to identified industrial needs for a formal development method which does not require the user to be an expert in mathematical logic. The approach is based on a framework which allows formal verification to be performed off-line or consigned to automated tools, thereby allowing the software engineer to concentrate instead on the design and development of usable, efficient pieces of software.
1 Introduction. Formal verification of software is often regarded as a difficult, time-consuming task requiring esoteric mathematical skills. This paper introduces a new approach to the construction of formally verified software, called Care, for Computer Assisted Refinement Engineering, which aims to bring formal verification within the reach of software engineers trained in formal specification, without requiring them to be experts in formal mathematics.
1.1 Motivation. Before exp...
Extensions to a Generalization Critic for Inductive Proof
- 13th Conference on Automated Deduction
, 1996
Cited by 8 (5 self)
In earlier papers a critic for automatically generalizing conjectures in the context of failed inductive proofs was presented. The critic exploits the partial success of the search control heuristic known as rippling. Through empirical testing a natural generalization and extension of the basic critic emerged. Here we describe our extended generalization critic together with some promising experimental results.
1 Introduction. A major obstacle to the automation of proof by mathematical induction is the need for generalization. A generalization is underpinned by the cut rule of inference. In a goal-directed framework, therefore, a generalization introduces an infinite branching point into the search space. It is known [13] that the cut-elimination theorem does not hold for inductive theories. Consequently heuristics for controlling generalization play an important role in the automation of inductive proof. There are a number of different kinds of generalization. In this paper we present...
Using CARE to Construct Verified Software
- Proc. 1st Int. Conf. on Formal Eng. Methods
, 1997
Cited by 7 (5 self)
Peter Lindsay, David Hemer (compressed PostScript files are available via http://svrc.it.uq.edu.au)
The CARE project investigated integration of well-understood formal development principles into an industrial organisation's software development methodology. The result was a method for construction and verification of programs from formal specifications, using libraries of pre-proven, formally specified components. Tools help the user build products by selecting and instantiating components to fit the problem at hand, and generating and discharging correctness-of-fit proof obligations. This paper illustrates the method on part of the development of a software module for logging events in a medical embedded device.
Keywords: formal methods, program development, software verification, refinement
1. Introduction. 1.1. Motivation. Formal specification techniques are currently being used in industry mainly to offer improved unders...
The REDO Project: Final Report
, 1991
Cited by 6 (0 self)
This report gives an overview of the work performed by the Programming Research Group as part of the European collaborative ESPRIT II "REDO" project (no. 2487). This work covered the areas of reverse-engineering: redocumentation and re-engineering; validation: post-hoc verification and generation of correct code from specifications; maintenance: new languages and methods to support maintenance. Research in the areas of concurrent programming and decompilation was also performed.

