Continuous Reasoning

O’Hearn, Peter W.

doi:10.1145/3209108.3209109

Cited by 62 publications

(4 citation statements)

References 70 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Following continuous reasoning practice [19], our proofs are integrated into the CI process for AWS-LC. We do not expect this code to change, but we have adopted this practice as part of a larger AWS-LC assurance effort, including code which does change more often.…”

Section: Results and Lessons Learnedmentioning

confidence: 99%

“…Our objective in this project was to verify the cryptographic code which is actually deployed, and to ensure it stays verified as it changes over time 2 . To do this, we used continuous reasoning, a term due to Peter O'Hearn [19]. In continuous reasoning, there is a tight connection between code, software engineering process, and verification tools.…”

Section: Project Design Constraintsmentioning

confidence: 99%

See 1 more Smart Citation

Verified Cryptographic Code for Everybody

Boston

Breese

Dodds

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We have completed machine-assisted proofs of two highly-optimized cryptographic primitives, AES-256-GCM and SHA-384. We have verified that the implementations of these primitives, written in a mix of C and x86 assembly, are memory safe and functionally correct, by which we mean input-output equivalent to their algorithmic specifications. Our proofs were completed using SAW, a bounded cryptographic verification tool which we have extended to handle embedded x86. The code we have verified comes from AWS LibCrypto. This code is identical to BoringSSL and very similar to OpenSSL, from which it ultimately derives. We believe we are the first to formally verify these implementations, which protect the security of nearly everybody on the internet.

show abstract

Section: Results and Lessons Learnedmentioning

confidence: 99%

Section: Project Design Constraintsmentioning

confidence: 99%

Verified Cryptographic Code for Everybody

Boston

Breese

Dodds

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…For large software systems, the verification effort to completely re-check the entire software from scratch might be too high, and is largely wasted if, as is often the case, the changes are small [25]. Continuous software verification plays an important role to determine which parts of a given software system need to be re-verified by obtaining information from previous verification runs [10].…”

Section: Equivalence Checkingmentioning

confidence: 99%

JBMC: A Bounded Model Checking Tool for Java Bytecode

Brenguier¹,

Cordeiro²,

Kroening³

et al. 2023

Preprint

View full text Add to dashboard Cite

JBMC is an open-source SAT-and SMT-based bounded model checking tool for verifying Java bytecode. JBMC relies on an operational model of the Java libraries, which conservatively approximates their semantics, to verify assertion violations, array out-of-bounds, unintended arithmetic overflows, and other kinds of functional and runtime errors in Java bytecode. JBMC can be used to either falsify properties or prove program correctness if an upper bound on the depth of the state-space is known. Practical applications of JBMC include but are not limited to bug finding, property checking, test input generation, detection of security vulnerabilities, and program synthesis. Here we provide a detailed description of JBMC's architecture and its functionalities, including an in-depth discussion of its background theories and underlying technologies, including a state-of-the-art string solver to ensure safety and security of Java bytecode.

show abstract

“…Achievements collected by Aichernig and Maibaum [2], Boulanger [15], and Gnesi and Margaria [62] show that many researchers have been working towards successful FM transfer. Moreover, researchers experienced in particular FMs draw positive conclusions from FM applications, especially in scaling FMs through adequate tool support for continuous reasoning in agile software development [131,142] . However, few static analysis tools are based on FMs and many of these tools are exposed to reduced effectiveness because of high false-positive rates, particularly if settings are not perfectly adjusted to the corresponding project [58].…”

Section: Transfer Effortsmentioning

confidence: 99%

New Opportunities for Integrated Formal Methods

2019

View full text Add to dashboard Cite

Formal methods have provided approaches for investigating software engineering fundamentals and also have high potential to improve current practices in dependability assurance. In this article, we summarise known strengths and weaknesses of formal methods. From the perspective of the assurance of robots and autonomous systems (RAS), we highlight new opportunities for integrated formal methods and identify threats to the adoption of such methods. Based on these opportunities and threats, we develop an agenda for fundamental and empirical research on integrated formal methods and for successful transfer of validated research to RAS assurance. Furthermore, we outline our expectations on useful outcomes of such an agenda. AcronymsAI artificial intelligence ASIL automotive safety integrity level DA dependability assurance DAL design assurance level DSE dependable systems engineering DSL domain-specific language FDA Food and Drug Administration FI formal inspection FM formal method HCI human-computer interaction iFM integrated formal method IT information technology MBD model-based development MDE model-driven engineering ML machine learning RAS robots and autonomous systems RCA root cause analysis RE requirements engineering SACM Structured Assurance Case Meta-model SC systematic capability SIL safety integrity level SMT Satisfiability Modulo Theory SWOT strengths, weaknesses, opportunities, and threats SysML Systems Modelling Language UML Unified Modelling Language UTP Unifying Theories of ProgrammingWe view robots and autonomous systems as both dependable systems and highly automated machines capable of achieving a variety of complex tasks in support of humans. We can consider such systems by looking at four layers: the plant or process composed of the operational environment and the machine; the machine itself; the machine's controller, and the software embedded into this controller. Based on these layers, we treat "embedded system" and "embedded software" as synonyms. Machine, controller, and software can all be distributed.By dependable systems engineering, we refer to error-avoidance and error-detection activities in control system and embedded software development (e.g. according to the V-model). Avizienis et al.[7] devised a comprehensive terminology and an overview of the assessment and handling of a variety of faults, errors, and failures. For critical systems, such activities are expected to be explicit (e.g. traceable, documented), to employ best practices (e.g. design patterns), and to be driven by reasonably qualified personnel (e.g. well-trained and experienced engineers or programmers).The need for dependability often arises from the embedding of software into a cyber-physical context (i.e., an electronic execution platform, a physical process to be controlled, and other systems or human users to interact with). Dependability assurance (DA), or assurance for short, encompasses the usually cross-disciplinary task of providing evidence for an assurance case (e.g. safety, security, reliability) for a sys...

show abstract

Continuous Reasoning

Cited by 62 publications

References 70 publications

Verified Cryptographic Code for Everybody

Verified Cryptographic Code for Everybody

JBMC: A Bounded Model Checking Tool for Java Bytecode

New Opportunities for Integrated Formal Methods

Contact Info

Product

Resources

About