A mechanically verified verification condition generator

Homeier, Peter V.; Martin, David F.

doi:10.1093/comjnl/38.2.131

Cited by 33 publications

(13 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [6], for example, an HOL proof of the correctness of a VCG for a simple procedural language is described. The work includes support for mutually recursive procedures.…”

Section: Related Work and Discussionmentioning

confidence: 99%

Inductive assertions and operational semantics

Moore

2006

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Abstract. This paper shows how classic inductive assertions can be used in conjunction with an operational semantics to prove partial correctness properties of programs. The method imposes only the proof obligations that would be produced by a verification condition generator but does not require the definition of a verification condition generation. The paper focuses on iterative programs but recursive programs are briefly discussed. Assertions are attached to the program by defining a predicate on states. This predicate is then "completed" to an alleged invariant by the definition of a partial function defined in terms of the state transition function of the operational semantics. If this alleged invariant can be proved to be an invariant under the state transition function, it follows that the assertions are true every time they are encountered in execution and thus that the post-condition is true if reached from a state satisfying the pre-condition. But because of the manner in which the alleged invariant is defined, the verification conditions are sufficient to prove invariance. Indeed, the "natural" proof generates the classical verification conditions as subgoals. The invariant function may be thought of as a state-based verification condition generator for the annotated program. The method allows standard inductive assertion style proofs to be constructed directly in an operational semantics setting. The technique is demonstrated by proving the partial correctness of simple bytecode programs with respect to a pre-existing operational model of the Java Virtual Machine. SummaryThis paper connects two well-known approaches to program verification: operational semantics and inductive assertions. The paper shows how one can adopt the clarity and concreteness of a formal operational semantics while incurring just the proof obligations of the inductive assertion method, without writing a verification condition generator or other extra-logical tool. In particular, the formal definition of the state transition function can be used directly to generate verification conditions for annotated programs.In this section the idea is presented in the abstract. Some details are skipped and a deliberate confusion of states with formulas is perpetrated to convey the basic idea. Subsequently, the method is applied to a particular formal operational

show abstract

“…In [6], for example, an HOL proof of the correctness of a VCG for a simple procedural language is described. The work includes support for mutually recursive procedures.…”

Section: Related Work and Discussionmentioning

confidence: 99%

Inductive assertions and operational semantics

Moore

2006

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

show abstract

“…Our work fills this gap. Among deep-embedding-based approaches, the SunRise system of Homeier et al [16,17] is probably the first certified program verifier, and uses a deep embedding in the HOL proof environment. They formalize a core language and its operational semantics, and prove correct a set of Hoare-style deduction rules.…”

Section: Conclusion Related Work and Perspectivesmentioning

confidence: 99%

“…The first kind is characterized by the use of a deep embedding of the input programming language in a general purpose proof assistant. One of the earlier work of this kind is done in the SunRise system in 1995 [16] where a simple imperative language is defined in HOL, with a formal operational semantics. A set of Hoare-style deduction rules are then shown valid.…”

Section: Introductionmentioning

confidence: 99%

A Certified Multi-prover Verification Condition Generator

Herms

Marché

Monate

2012

Verified Software: Theories, Tools, Experiments

View full text Add to dashboard Cite

Deduction-based software verification tools have reached a maturity allowing them to be used in industrial context where a very high level of assurance is required. This raises the question of the level of confidence we can grant to the tools themselves. We present a certified implementation of a verification condition generator. An originality is its genericity with respect to the logical context, which allows us to produce proof obligations for a large class of theorem provers. This implementation is conducted within the Coq proof assistant, and is crafted so that it can be extracted into a standalone executable, independent of Coq, which is another originality.

show abstract

“…Operational models have also been used in program verification in HOL (Gordon and Melham, 1993) and PVS (Owre et al, 1992). In HOL, Homeier and Martin (1995) have developed a verification system called Sunrise with a model of a small programming language; Norrish (1998) has developed an operational formalization of C. In Isabelle, Strecker has used an operational semantics to formalize Java and the JVM (Strecker, 2002). Recently Fox (2003) has formalized an operational model of the ARM6 processor ISA in HOL.…”

Section: Related Workmentioning

confidence: 99%

A Mechanical Analysis of Program Verification Strategies

et al. 2008

View full text Add to dashboard Cite

Abstract.We analyze three proof strategies commonly used in deductive verification of deterministic sequential programs formalized with operational semantics. The strategies are: (i) stepwise invariants, (ii) clock functions, and (iii) inductive assertions. We show how to formalize the strategies in the logic of the ACL2 theorem prover. Based on our formalization, we prove that each strategy is both sound and complete. The completeness result implies that given any proof of correctness of a sequential program one can derive a proof in each of the above strategies. The soundness and completeness theorems have been mechanically checked with ACL2.

show abstract

A mechanically verified verification condition generator

Cited by 33 publications

References 0 publications

Inductive assertions and operational semantics

Inductive assertions and operational semantics

A Certified Multi-prover Verification Condition Generator

A Mechanical Analysis of Program Verification Strategies

Contact Info

Product

Resources

About