Results 1  10
of
14
Proofdirected debugging and repair
 Seventh Symposium on Trends in Functional Programming
, 2006
"... We describe a project to refine the idea of proofdirected debugging. The intention is to clarify the mechanisms by which failed verification attempts can be used to isolate errors in code, in particular by exploiting the ways in which the branching structure of a proof can match the the structure o ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
We describe a project to refine the idea of proofdirected debugging. The intention is to clarify the mechanisms by which failed verification attempts can be used to isolate errors in code, in particular by exploiting the ways in which the branching structure of a proof can match the the structure of the functional program being verified. Our intention is to supply tools to support this process. We then further discuss how the proof planning paradigm might be used to supply additional automated support for this and, in particular ways in which the automation of proofdirected debugging with proof planning would allows code patches to by synthesised at the same time that a bug is located and diagnosed. 1
Invariant Patterns for Program Reasoning
"... We address the problem of integrating standard techniques for automatic invariant generation within the context of program reasoning. We propose the use of invariant patterns which enable us to associate common patterns of program code and specifications with invariant schemas. This allows crucial d ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
We address the problem of integrating standard techniques for automatic invariant generation within the context of program reasoning. We propose the use of invariant patterns which enable us to associate common patterns of program code and specifications with invariant schemas. This allows crucial decisions relating to the development of invariants to be delayed until a proof is attempted. Moreover, it allows patterns within the program to be exploited in patching failed proof attempts.
ContextMoving Transformations for Function Verification
, 1999
"... Several induction theorem provers have been developed which support mechanized verification of functional programs. Unfortunately, a major problem is that they often fail in verifying tail recursive functions (which correspond to imperative programs). However, in practice imperative programs are ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Several induction theorem provers have been developed which support mechanized verification of functional programs. Unfortunately, a major problem is that they often fail in verifying tail recursive functions (which correspond to imperative programs). However, in practice imperative programs are used almost exclusively. We present an automatic transformation to tackle this problem. It transforms functions which are hard to verify into functions whose correctness can be shown by the existing provers. In contrast to classical program transformations, the aim of our technique is not to increase efficiency, but to increase veriability. Therefore, this paper introduces a novel application area for program transformations and it shows that such techniques can in fact solve some of the most urgent current challenge problems in automated verification and induction theorem proving.
H.: Finding counter examples in induction proofs
, 2008
"... Abstract. This paper addresses a problem arising in automated proof of invariants of transition systems, for example transition systems modelling distributed programs. Most of the time, the actual properties we want to prove are too weak to hold inductively, and auxiliary invariants need to be intro ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract. This paper addresses a problem arising in automated proof of invariants of transition systems, for example transition systems modelling distributed programs. Most of the time, the actual properties we want to prove are too weak to hold inductively, and auxiliary invariants need to be introduced. The problem is how to find these extra invariants. We propose a method where we find minimal counter examples to candidate invariants by means of automated random testing techniques. These counter examples can be inspected by a human user, and used to adapt the set of invariants at hand. We are able to find two different kinds of counter examples, either indicating (1) that the used invariants are too strong (a concrete trace of the system violates at least one of the invariants), or (2) that the used invariants are too weak (a concrete transition of the system does not maintain all invariants). We have developed and evaluated our method in the context of formally verifying an industrialstrength implementation of a faulttolerant distributed leader election protocol. 1
Deaccumulation — Improving Provability
 Asian Computing Science Conference
, 2003
"... Several induction theorem provers were developed to verify functional programs mechanically. Unfortunately, automated verification usually fails for functions with accumulating arguments. In particular, this holds for tailrecursive functions that correspond to imperative programs, but also for prog ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Several induction theorem provers were developed to verify functional programs mechanically. Unfortunately, automated verification usually fails for functions with accumulating arguments. In particular, this holds for tailrecursive functions that correspond to imperative programs, but also for programs with nested recursion. Based on results from the theory of tree transducers, we develop an automatic transformation technique. It transforms accumulative functional programs into nonaccumulative ones, which are much better suited for automated verification by induction theorem provers. Hence, in contrast to classical program transformations aiming at improving the e#ciency, the goal of our deaccumulation technique is to improve the provability.
Planning and patching proof
 ARTIFICIAL INTELLIGENCE AND SYMBOLIC COMPUTATION
, 2004
"... We describe proof planning: a technique for both describing the hierarchical structure of proofs and then using this structure to guide proof attempts. When such a proof attempt fails, these failures can be analyzed and a patch formulated and applied. We also describe rippling: a powerful proof met ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We describe proof planning: a technique for both describing the hierarchical structure of proofs and then using this structure to guide proof attempts. When such a proof attempt fails, these failures can be analyzed and a patch formulated and applied. We also describe rippling: a powerful proof method used in proof planning. We pose and answer a number of common questions about proof planning and rippling.
Refinement and Term Synthesis in Loop Invariant Generation
 2nd International Workshop on Invariant Generation (WING’09
, 2009
"... We present a technique for refining incorrect or insufficiently strong loop invariants in correctness proofs for imperative programs. We rely on previous work [16] in combining program analysis and Proof Planning, and exploit IsaPlanner’s use of metavariables and goalnaming to generate correct loo ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
We present a technique for refining incorrect or insufficiently strong loop invariants in correctness proofs for imperative programs. We rely on previous work [16] in combining program analysis and Proof Planning, and exploit IsaPlanner’s use of metavariables and goalnaming to generate correct loop invariants. We present a simple example in detail and discuss how this might scale to more complex problems. 1
Deaccumulation Techniques for Improving Provability ∗
"... Several induction theorem provers were developed to verify functional programs mechanically. Unfortunately, automatic verification often fails for functions with accumulating arguments. Using concepts from the theory of tree transducers and extending on earlier work, the paper develops automatic tra ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
Several induction theorem provers were developed to verify functional programs mechanically. Unfortunately, automatic verification often fails for functions with accumulating arguments. Using concepts from the theory of tree transducers and extending on earlier work, the paper develops automatic transformations from accumulative functional programs into nonaccumulative ones, which are much better suited for mechanized verification. The overall goal is to reduce the need for generalizing induction hypotheses in (semi)automatic provers. Via the correspondence between imperative programs and tailrecursive functions, the presented approach can also help to reduce the need for inventing loop invariants in the verification of imperative programs. 1
Generating Counterexamples for Structural Inductions by Exploiting Nonstandard Models
"... Abstract. Induction proofs often fail because the stated theorem is noninductive, in which case the user must strengthen the theorem or prove auxiliary properties before performing the induction step. (Counter)model finders are useful for detecting nontheorems, but they will not find any counterexa ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. Induction proofs often fail because the stated theorem is noninductive, in which case the user must strengthen the theorem or prove auxiliary properties before performing the induction step. (Counter)model finders are useful for detecting nontheorems, but they will not find any counterexamples for noninductive theorems. We explain how to apply a wellknown concept from firstorder logic, nonstandard models, to the detection of noninductive invariants. Our work was done in the context of the proof assistant Isabelle/HOL and the counterexample generator Nitpick. 1
USENIX Association
 In Proceedings of the 10th USENIX Security Symposium
, 1997
"... Buffer overflow attacks may be today's single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic ..."
Abstract
 Add to MetaCart
Buffer overflow attacks may be today's single most important security threat. This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses. This paper describes an implementation of our approach that extends the LCLint annotationassisted static checking tool. Our tool is as fast as a compiler and nearly as easy to use. We present experience using our approach to detect buffer overflow vulnerabilities in two securitysensitive programs.