A High-Level Certification Language for Automatically Generated Code
Abstract
Program verification using Hoare-style techniques requires many logical annotations. We have previously shown that a generic annotation inference algorithm can be used to weave in all annotations required to certify safety properties for automatically generated code. The algorithm is implemented as part of our AUTOCERT system. It uses patterns to capture generator- and property-specific code idioms, and property-specific meta-program fragments to construct the annotations. It is customized by specifying the code patterns and integrating them with the meta-program fragments for annotation construction. However, the latter part has so far involved tedious and error-prone low-level term manipulations, which has made customization difficult. Here, we describe an annotation schema compiler that simplifies and largely automates this customization task. It takes a collection of high-level declarative annotation schemas tailored towards a specific code generator and safety property, and generates all glue code required for interfacing with the generic algorithm core, thus effectively creating a customized annotation inference algorithm. The compiler raises the level of abstraction and simplifies schema development and maintenance. It also takes care of some of the more routine aspects of formulating patterns and schemas, in particular the handling of irrelevant program fragments and irrelevant variance in the program structure, which reduces the size, complexity, and number of different patterns and annotation schemas that are required. This paper further contributes to developing a declarative and generative approach to logical annotations. The improvements described here make it easier and faster to customize the system to a new safety property or a new generator. We have been able to certify different properties for a variety of programs generated by our AUTOBAYES and AUTOFILTER generators. We have also applied AUTOCERT to code derived from MathWorks Real-Time Workshop, and show some initial results.
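The abstract describes schemas as declarative data (a code pattern plus annotation templates) fed to a generic matcher that tolerates irrelevant statements. The following is an added illustration of that idea, not AUTOCERT code: a miniature AST, a hypothetical schema for the "initialise every array element" idiom certifying array-bounds safety, a generic matcher that binds `?`-variables and skips statements the pattern does not mention, and a bounded sanity check of the generated annotations. All names (`ARRAY_INIT_SCHEMA`, `weave`, `bounded_check`, the sample programs) are assumptions of this example; the real system discharges the resulting verification conditions with a theorem prover rather than by bounded execution.

```python
"""Miniature pattern-based annotation weaver (added illustration, not
AUTOCERT code). A schema is plain data: an AST pattern with '?'-variables
plus annotation templates. The matcher is generic and treats statements
the pattern does not mention as irrelevant, so one schema covers several
structural variants of the same generator idiom."""
from dataclasses import dataclass


@dataclass
class Store:        # arr[idx] = ...   (the stored value is irrelevant for bounds safety)
    arr: str
    idx: str


@dataclass
class Assign:       # var = expr       (never part of the pattern: noise)
    var: str
    expr: str


@dataclass
class Loop:         # for var in [lo, hi): body
    var: str
    lo: str
    hi: str
    body: list


# Hypothetical schema for the "initialise every element" idiom: the loop must
# start at 0 and index the array with its own counter. Templates are
# instantiated with the bindings found by `match`.
ARRAY_INIT_SCHEMA = {
    "pattern": Loop(var="?i", lo="0", hi="?n", body=[Store(arr="?a", idx="?i")]),
    "requires": "?n == len(?a)",
    "invariant": "0 <= ?i <= ?n",
    "assert_before_store": "0 <= ?i < len(?a)",
}


def match(pat, node, binds):
    """Structural match of `pat` against `node`; returns extended bindings or
    None. A '?x' pattern variable binds once and must agree on every reuse."""
    if isinstance(pat, str):
        if pat.startswith("?"):
            if pat in binds and binds[pat] != node:
                return None
            return {**binds, pat: node}
        return binds if pat == node else None
    if type(pat) is not type(node):
        return None
    if isinstance(pat, Store):
        binds = match(pat.arr, node.arr, binds)
        return None if binds is None else match(pat.idx, node.idx, binds)
    if isinstance(pat, Loop):
        for fld in ("var", "lo", "hi"):
            binds = match(getattr(pat, fld), getattr(node, fld), binds)
            if binds is None:
                return None
        return match_body(pat.body, node.body, binds)
    return None


def match_body(pat_stmts, stmts, binds):
    """Match pattern statements as an ordered subsequence of `stmts`; the
    statements in between (bookkeeping, logging) are skipped as irrelevant."""
    if not pat_stmts:
        return binds
    for k, stmt in enumerate(stmts):
        b = match(pat_stmts[0], stmt, binds)
        if b is not None:
            rest = match_body(pat_stmts[1:], stmts[k + 1:], b)
            if rest is not None:
                return rest
    return None


def instantiate(template, binds):
    """Replace pattern variables in a template by their bound program names."""
    for var, name in sorted(binds.items(), key=lambda kv: -len(kv[0])):
        template = template.replace(var, name)
    return template


def weave(schema, program):
    """Return the annotations the schema contributes for each matching
    top-level statement, in the order they would be woven into the code."""
    out = []
    for stmt in program:
        binds = match(schema["pattern"], stmt, {})
        if binds is None:
            continue                      # idiom not recognised: nothing to certify
        out += ["requires " + instantiate(schema["requires"], binds),
                "invariant " + instantiate(schema["invariant"], binds),
                "assert " + instantiate(schema["assert_before_store"], binds)]
    return out


def bounded_check(schema, loop, n_max=6):
    """Sanity-check a schema by concrete execution for all array lengths up to
    n_max. Bounded checking of the templates only, not a proof."""
    binds = match(schema["pattern"], loop, {})
    if binds is None:
        return False
    i, n, a = binds["?i"], binds["?n"], binds["?a"]
    inv = instantiate(schema["invariant"], binds)
    chk = instantiate(schema["assert_before_store"], binds)
    for length in range(n_max + 1):
        env = {n: length, a: [0] * length}       # precondition: n == len(a)
        for k in range(length + 1):              # every loop head, incl. exit
            env[i] = k
            if not eval(inv, {}, env):
                return False
            if k < length and not eval(chk, {}, env):
                return False
    return True


# Constructed sample programs: the bare idiom, a variant with irrelevant
# statements and different names, and a loop that does not fit the schema.
PLAIN = [Loop("i", "0", "n", [Store("a", "i")])]
NOISY = [Loop("k", "0", "n", [Assign("t", "k * 2"), Store("buf", "k"), Assign("s", "s + t")])]
OTHER = [Loop("i", "1", "n", [Store("a", "i")])]   # starts at 1: pattern needs lo == "0"

if __name__ == "__main__":
    for name, prog in (("plain", PLAIN), ("noisy", NOISY), ("other", OTHER)):
        print(name, weave(ARRAY_INIT_SCHEMA, prog))
    print("bounded check:", bounded_check(ARRAY_INIT_SCHEMA, NOISY[0]))
```

The point of `match_body` is the one the abstract makes about irrelevant variance: the noisy variant, with extra assignments and different identifiers, receives the same annotations from the same schema, where a term-level implementation would have needed a second pattern. The loop that starts at 1 is deliberately left unannotated; a schema that silently matched it would emit an invariant that is false at the first iteration.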
Related papers
A Program Certification Assistant Based on Fully Automated Theorem Provers
We describe a certification assistant to support formal safety proofs for programs. It is based on a graphical user interface that hides the low-level details of first-order automated theorem provers while supporting limited interactivity: it allows users to customize and control the proof process on a high level, manages the auxiliary artifacts produced during this process, and provides traceab...
Building Certified Libraries for PCC: Dynamic Storage Allocation
Proof-Carrying Code (PCC) allows a code producer to provide to a host a program along with its formal safety proof. The proof attests a certain safety policy enforced by the code, and can be mechanically checked by the host. While this language-based approach to code certification is very general in principle, existing PCC systems have only focused on programs whose safety proofs can be automat...
Formal Safety Certification of Aerospace Software
In principle, formal methods offer many advantages for aerospace software development: they can help to achieve ultra-high reliability, and they can be used to provide evidence of the reliability claims which can then be subjected to external scrutiny. However, despite years of research and many advances in the underlying formalisms of specification, semantics, and logic, formal methods are not...
Resource Usage Analysis and Its Application to Resource Certification
Resource usage is one of the most important characteristics of programs. Automatically generated information about resource usage can be used in multiple ways, both during program development and deployment. In this paper we discuss and present examples on how such information is obtained in COSTA, a state of the art static analysis system. COSTA obtains safe symbolic upper bounds on the resour...
Deriving Safety Cases for the Formal Safety Certification of Automatically Generated Code
We present an approach to systematically derive safety cases for automatically generated code from information collected during a formal, Hoare-style safety certification of the code. We use a generic safety case that is instantiated with respect to the certified safety property and the program. It is complemented by a static system safety case that argues the safety of the framework itself, in...