Results 1  10
of
16
A Brief Overview of HOL4
 In Theorem Proving in Higher Order Logics, TPHOLs
, 2008
"... Abstract. The HOL4 proof assistant supports specification and proof in classical higher order logic. It is the latest in a long line of similar systems. In this short overview, we give an outline of the HOL4 system and how it may be applied in formal verification. 1 ..."
Abstract

Cited by 32 (4 self)
 Add to MetaCart
Abstract. The HOL4 proof assistant supports specification and proof in classical higher order logic. It is the latest in a long line of similar systems. In this short overview, we give an outline of the HOL4 system and how it may be applied in formal verification. 1
The Semantics of Power and ARM Multiprocessor Machine Code
"... We develop a rigorous semantics for Power and ARM multiprocessor programs, including their relaxed memory model and the behaviour of reasonable fragments of their instruction sets. The semantics is mechanised in the HOL proof assistant. This should provide a good basis for informal reasoning and for ..."
Abstract

Cited by 24 (6 self)
 Add to MetaCart
(Show Context)
We develop a rigorous semantics for Power and ARM multiprocessor programs, including their relaxed memory model and the behaviour of reasonable fragments of their instruction sets. The semantics is mechanised in the HOL proof assistant. This should provide a good basis for informal reasoning and formal verification of lowlevel code for these weakly consistent architectures, and, together with our x86 semantics, for the design and compilation of highlevel concurrent languages.
Verified JustInTime Compiler on x86
"... This paper presents a method for creating formally correct justintime (JIT) compilers. The tractability of our approach is demonstrated through, what we believe is the first, verification of a JIT compiler with respect to a realistic semantics of selfmodifying x86 machine code. Our semantics inclu ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
(Show Context)
This paper presents a method for creating formally correct justintime (JIT) compilers. The tractability of our approach is demonstrated through, what we believe is the first, verification of a JIT compiler with respect to a realistic semantics of selfmodifying x86 machine code. Our semantics includes a model of the instruction cache. Two versions of the verified JIT compiler are presented: one generates all of the machine code at once, the other one is incremental i.e. produces code ondemand. All proofs have been performed inside the HOL4 theorem prover.
Extensible proofproducing compilation
 In 18th International Conference on Compiler Construction (CC) (2009
"... Abstract. This paper presents a compiler which produces machine code from functions defined in the logic of a theorem prover, and at the same time proves that the generated code executes the source functions. Unlike previously published work on proofproducing compilation from a theorem prover, our ..."
Abstract

Cited by 13 (9 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents a compiler which produces machine code from functions defined in the logic of a theorem prover, and at the same time proves that the generated code executes the source functions. Unlike previously published work on proofproducing compilation from a theorem prover, our compiler provides broad support for userdefined extensions, targets multiple carefully modelled commercial machine languages, and does not require termination proofs for input functions. As a case study, the compiler is used to construct verified interpreters for a small LISPlike language. The compiler has been implemented in the HOL4 theorem prover. 1
Formal verification of machinecode programs
, 2009
"... Formal program verification provides mathematical means of increasing assurance for the correctness of software. Most approaches to program verification are either fully automatic and prove only weak properties, or alternatively are manual and labour intensive to apply; few target realistically mode ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
Formal program verification provides mathematical means of increasing assurance for the correctness of software. Most approaches to program verification are either fully automatic and prove only weak properties, or alternatively are manual and labour intensive to apply; few target realistically modelled machine code. The work presented in this dissertation aims to ease the effort required in proving properties of programs on top of detailed models of machine code. The contributions are novel approaches for both verification of existing programs and methods for automatically constructing correct code. For program verification, this thesis presents a new approach based on translation: the problem of proving properties of programs is reduced, via fullyautomatic deduction, to a problem of proving properties of recursive functions. The translation from programs to recursive functions is shown to be implementable in a theorem prover both for simple whileprograms as well as real machine code. This verificationaftertranslation approach has several advantages over established approaches of verification condition generation. In particular, the new approach does not require annotating the program with assertions. More
Practical tactics for separation logic
 In TPHOLs, volume 5674 of LNCS
, 2009
"... Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard logic of a proof assistant. We have developed tactics for the simplification, rearranging, splitting, matching and rewriting of separation logic assertions as well as the discharging of a program verification condition using a separation logic description of the machine state. We have implemented our tactics in the Coq proof assistant, applying them to a deep embedding of Cminor, a Clike intermediate language used by Leroy’s verified CompCert compiler. We have used our tactics to verify the safety and completeness of a Cheney copying garbage collector written in Cminor. Our ideas should be applicable to other substructural logics and imperative languages. 1
ARMor: Fully Verified Software Fault Isolation
"... We have designed and implemented ARMor, a system that uses software fault isolation (SFI) to sandbox application code running on small embedded processors. Sandboxing can be used to protect components such as the RTOS and critical control loops from other, lesstrusted components. ARMorguaranteesmem ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
(Show Context)
We have designed and implemented ARMor, a system that uses software fault isolation (SFI) to sandbox application code running on small embedded processors. Sandboxing can be used to protect components such as the RTOS and critical control loops from other, lesstrusted components. ARMorguaranteesmemory safety andcontrol flow integrity; it worksbyrewritingabinaryto putacheckin frontof every potentially dangerous operation. We formally and automatically verify that an ARMored application respects the SFI safety properties using the HOL theorem prover. Thus, ARMor provides strong isolation guarantees and has an exceptionally small trusted computing base—there is no trusted compiler, binary rewriter, verifier, or operating system.
Validated Compilation through Logic
"... Abstract. To reason about programs written in a language, one needs to define its formal semantics, derive a reasoning mechanism (e.g. a program logic), and maximize the proof automation. Unfortunately, a compiler may involve multiple languages and phases; it is tedious and error prone to do so for ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
Abstract. To reason about programs written in a language, one needs to define its formal semantics, derive a reasoning mechanism (e.g. a program logic), and maximize the proof automation. Unfortunately, a compiler may involve multiple languages and phases; it is tedious and error prone to do so for each language and each phase. We present an approach based on the use of higher order logic to ease this burden. All the Intermediate Representations (IRs) are special forms of the logic of a prover such that IR programs can be reasoned about directly in the logic. We use this technique to construct and validate an optimizing compiler. New techniques are used to compilewithproof all the programs into the logic, e.g. a logic specification is derived automatically from the monad interpretation of a piece of assembly code. 1
Reusable verification of a copying collector
"... Abstract. Garbage collectors are very hard to implement correctly due to their lowlevel manipulation of memory. In this paper, we construct a copying garbage collector which we have proved to be functionally correct. Our verification proof is structured as a sequence of refinements to aid clarity a ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Garbage collectors are very hard to implement correctly due to their lowlevel manipulation of memory. In this paper, we construct a copying garbage collector which we have proved to be functionally correct. Our verification proof is structured as a sequence of refinements to aid clarity and proof reuse; it is the first to map implementations into three different machine languages and, unlike some noteworthy published proofs, our verified implementations of memory allocation handle termination and the ‘outofmemory ’ case properly. The work presented here has been developed in the HOL4 theorem prover. 1
Transforming programs into recursive functions
 In Brazilian Symposium on Formal Methods (SBMF 2008), volume 240 of ENTCS
, 2009
"... This paper presents a new proofassistant based approach to program verification: programs are translated, via fullyautomatic deduction, into tailrecursive function defined in the logic of a theorem prover. This approach improves on wellestablished methods based on Hoare logic and verification co ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
This paper presents a new proofassistant based approach to program verification: programs are translated, via fullyautomatic deduction, into tailrecursive function defined in the logic of a theorem prover. This approach improves on wellestablished methods based on Hoare logic and verification condition generation (VCG) by removing the need to annotate programs with assertions, making the proof natural to the theorem prover and being easier to implement than a trusted VCG. Our tool has been implemented in the HOL4 theorem prover. Keywords: program verification, theorem proving. 1