The synthesis of a Java card tokenisation algorithm

Denney, Ewen

doi:10.1109/ase.2001.989789

Cited by 6 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Genet et al [GJKP03] use the generic proof assistant PVS for proving the correctness of algorithms for transforming Java Card byte code into the more compact CAP format. Similar works was done by Denney [Den01], using the program extraction mechanism of Coq. These optimisations do not involve any sophisticated static analysis.…”

Section: Related Workmentioning

confidence: 83%

Extracting a Data Flow Analyser in Constructive Logic

Cachera

Jensen

Pichardie

et al. 2004

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. We show how to formalise a constraint-based data flow analysis in the specification language of the Coq proof assistant. This involves defining a dependent type of lattices together with a library of lattice functors for modular construction of complex abstract domains. Constraints are expressed in an intermediate representation that allows for both efficient constraint resolution and correctness proof of the analysis with respect to an operational semantics. The proof of existence of a correct, minimal solution to the constraints is constructive which means that the extraction mechanism of Coq provides a provably correct data flow analyser in ocaml. The library of lattices together with the intermediate representation of constraints are defined in an analysis-independent fashion that provides a basis for a generic framework for proving and extracting static analysers in Coq.

show abstract

Section: Related Workmentioning

confidence: 83%

Extracting a Data Flow Analyser in Constructive Logic

Cachera

Jensen

Pichardie

et al. 2004

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…Genet et al [11] use the generic proof assistant PVS for proving the correctness of algorithms for transforming Java Card byte code into the more compact CAP format. Similar work was done by Denney [10], using the program extraction mechanism of Coq. These optimizations do not involve any sophisticated static analysis.…”

Section: Related Workmentioning

confidence: 96%

“…We construct a function analyse of dependent type (P : Program) → State P which must verify ∀P : Program, P ٛanalyse(P ) (10) In addition, we want to obtain a non-trivial solution of the constraint system: e.g., an analyser returning the top element of the lattice for any input is a correct solution, but of poor interest. We thus add the requirement that our solution is the least solution of the constraint system:…”

Section: Construction Of the Analysermentioning

confidence: 99%

Extracting a data flow analyser in constructive logic

Cachera

Jensen

Pichardie

et al. 2005

Theoretical Computer Science

View full text Add to dashboard Cite

A constraint-based data flow analysis is formalised in the specification language of the Coq proof assistant. This involves defining a dependent type of lattices together with a library of lattice functors for modular construction of complex abstract domains. Constraints are represented in a way that allows for both efficient constraint resolution and correctness proof of the analysis with respect to an operational semantics. The proof of existence of a solution to the constraints is constructive which means that the extraction mechanism of Coq provides a provably correct data flow analyser in Ocaml from the proof. The library of lattices and the representation of constraints are defined in an analysisindependent fashion that provides a basis for a generic framework for proving and extracting static analysers in Coq.

show abstract

“…The surprising lesson, for me at least, was the amount of effort it required to smooth out all the niggling issues with interfacing with other Haskell libraries, realizing axioms, custom module headers, type classes, and so forth. [Denney 2001;Filliâtre and Letouzey 2004;Leroy 2006]. Using extraction successfully requires a close tie between the theorem prover and target programming language.…”

Section: Lessons Learnedmentioning

confidence: 99%