Inductive assertions and operational semantics

Moore, J. Strother

doi:10.1007/s10009-005-0180-2

Cited by 10 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To prove partial correctness, at the very least we are required to define a sufficient collection of program invariants. In fact, a method that requires only this is due to Moore [39], who shows how to use ACL2 to automatically generate the verification conditions required to show that the program invariants imply partial correctness. There are also extensions that allows us to prove total correctness results [37].…”

Section: Reasoning About Programsmentioning

confidence: 99%

A Framework for Verifying Bit-Level Pipelined Machines Based on Automated Deduction and Decision Procedures

Manolios

Srinivasan

2006

J Autom Reasoning

View full text Add to dashboard Cite

We describe an approach to verifying bit-level pipelined machine models using a combination of deductive reasoning and decision procedures. While theoremproving systems such as ACL2 have been used to verify bit-level designs, they typically require extensive expert user support. Decision procedures such as those implemented in UCLID can be used to automatically and efficiently verify term-level pipelined machine models, but these models use numerous abstractions, implement a subset of the instruction set, and are far from executable. We show that by integrating UCLID with the ACL2 theorem-proving system, we can use ACL2 to reduce the proof that an executable, bit-level machine refines its instruction set architecture to a proof that a term-level abstraction of the bit-level machine refines the instruction set architecture, which is then handled automatically by UCLID. We demonstrate the efficiency of our approach by applying it to verify a complex, seven-stage, bit-level interface pipelined machine model that implements 593 instructions and has features such as branch prediction, exceptions, and predicated instruction execution. Such a proof is not possible using UCLID and would require prohibitively more effort using just ACL2.

show abstract

Section: Reasoning About Programsmentioning

confidence: 99%

A Framework for Verifying Bit-Level Pipelined Machines Based on Automated Deduction and Decision Procedures

Manolios

Srinivasan

2006

J Autom Reasoning

View full text Add to dashboard Cite

show abstract

“…The generation of VCs based on theorem proving and operational semantics has been investigated in [31,33]. In [33] the authors present a proof of concept method to prove partial correctness of programs that makes use of a small-step operational semantics.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

“…In [33] the authors present a proof of concept method to prove partial correctness of programs that makes use of a small-step operational semantics. The semantics is explicitly expressed in the logic, and the VCs are generated as a by-product of the correctness proof.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Semantics-based generation of verification conditions by program specialization

Angelis

Fioravanti

Pettorossi

et al. 2015

Proceedings of the 17th International Symposium on Principles and Practice of Declarative Programming

View full text Add to dashboard Cite

We present a method for automatically generating verification conditions for a class of imperative programs and safety properties. Our method is parametric with respect to the semantics of the imperative programming language, as it specializes, by using unfold/fold transformation rules, a Horn clause interpreter that encodes that semantics.We define a multi-step operational semantics for a fragment of the C language and compare the verification conditions obtained by using this semantics with those obtained by using a more traditional small-step semantics. The flexibility of the approach is further demonstrated by showing that it is possible to easily take into account alternative operational semantics definitions for modeling new language features. Finally, we provide an experimental evaluation of the method by generating verification conditions using the multi-step and the small-step semantics for a few hundreds of programs taken from various publicly available benchmarks, and by checking the satisfiability of these verification conditions by using state-of-the-art Horn clause solvers. These experiments show that automated verification of programs from a formal definition of the operational semantics is indeed feasible in practice.

show abstract

“…In this method, the user annotates a program by attaching assertions on certain cutpoints, and the goal is to prove that whenever program control reaches a cutpoint, the corresponding assertions hold. Moore [7] shows how to use symbolic simulation to derive such proofs from an operational model of the system. An operational model is given by a function next that can be treated as a state transformation function: (next s) gives the state of the machine after one transition from s. Moore's method involves the definition of a predicate inv0 with the following equation: (= (inv0 s) (if (cut s) (assert s) (inv0 (next s))))…”

Section: Practical Benefitsmentioning

confidence: 99%