A Certified Multi-prover Verification Condition Generator
Authors
Abstract
Deduction-based software verification tools have reached a maturity allowing them to be used in an industrial context where a very high level of assurance is required. This raises the question of the level of confidence we can grant to the tools themselves. We present a certified implementation of a verification condition generator. An originality is its genericity with respect to the logical context, which allows us to produce proof obligations for a large class of theorem provers. This implementation is conducted within the Coq proof assistant, and is crafted so that it can be extracted into a standalone executable, independent of Coq, which is another originality.

Key-words: Deductive Verification, Weakest Precondition Calculus, Coq Proof Assistant

This work is partly supported by the U3CAT (ANR-08-SEGI-021, http://frama-c.com/u3cat/) project of the French national research organization (ANR).

∗ CEA, LIST, Lab. de Sûreté du Logiciel, Gif-sur-Yvette F-91191
† INRIA Saclay Île-de-France, F-91893
‡ Lab. de Recherche en Informatique, Univ Paris-Sud, CNRS, Orsay, F-91405

hal-00639977, version 1, 10 Nov 2011

A certified multi-prover proof obligation generator

Abstract (translated from French): Proof-based program verification tools have reached a level of maturity that allows their use in an industrial context where a high level of confidence is required. This raises the question of the level of confidence one can place in the tools themselves. We describe a certified implementation of a proof obligation generator. One originality is its genericity with respect to the logical context, which makes it possible to generate obligations for a large family of provers. This implementation is carried out with the Coq proof assistant, and is designed so that an executable independent of Coq, guaranteed correct, can be extracted from it, which is another originality.

Keywords: Deductive verification, weakest precondition calculus, Coq proof assistant
Similar sources
Verified proof carrying code
Proof Carrying Code (PCC) is a technique to exclude safety errors in low level code. Instead of runtime tests, it statically checks a proof of safety (a certificate) attached to the code. To guarantee that PCC only accepts safe code, we formalise and verify it in Isabelle/HOL, an interactive theorem prover for higher order logic. In an abstract framework we identify key components and their int...
Full text
Verification Condition Generation Via Theorem Proving
We present a method to convert (i) an operational semantics for a given machine language, and (ii) an off-the-shelf theorem prover, into a high assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover directly on the operational semantics to generate verification conditions analogous to those produced by a cu...
Full text
Verification of sequential imperative programs in Isabelle-HOL
The purpose of this thesis is to create a verification environment for sequential imperative programs. First a general language model is proposed, which is independent of a concrete programming language but expressive enough to cover all common language features: mutually recursive procedures, abrupt termination and exceptions, runtime faults, local and global variables, pointers and heap, expre...
Full text
An Overview of the Extended Static Checking System
The Extended Static Checking system (henceforth ESC) is a checker aimed at statically detecting simple errors in programs; e.g., NIL dereferences, out-of-bounds array indices, or simple deadlocks or race conditions in concurrent programs. ESC attempts to achieve these fairly modest goals using a quite general program verification framework. The user annotates the program being checked with spec...
Full text
Provably Correct Graph Transformations with Small-tALC
We present a prototype for executing and verifying graph transformations. The transformations are written in a simple imperative programming language, and pre- and post-conditions as well as loop invariants are specified in the Description Logic ALC (whence the name of the tool). The programming language has a precisely defined operational semantics and a sound Hoare-style calculus. The tool cons...
Full text