Abstract
Automatic verification tools, such as model checkers and tools based on static analysis or on abstract interpretation, have become popular in software and hardware development. They increase confidence and potentially provide rich feedback. However, with increasing complexity, verification tools themselves are more likely to contain errors.
In contrast to automatic verification tools, higher-order theorem provers use mathematically founded proof strategies checked by a small proof checker to guarantee selected properties. Thus, they enjoy a high level of trustability. Properties of software and hardware systems and their justifications can be encapsulated into a certificate, thereby guaranteeing correctness of the systems with respect to the properties. These results offer a much higher degree of confidence than results achieved by verification tools. However, higher-order theorem provers are usually slow, due to their general and minimalistic nature. Even for small systems, a lot of human interaction is required for establishing a certificate.
In this work, we combine the advantages of automatic verification tools (i.e., speed and automation) with those of higher-order theorem provers (i.e., high level of trustability). The verification tool generates a certificate for each invocation. This is checked by the higher-order theorem prover, thereby guaranteeing the desired property. The generation of certificates is much easier than producing the analysis results of the verification tool in the first place. In our work, we are able to create certificates that come with an algorithmic description of the proof of the desired property as justification. We concentrate on verification tools that generate invariants of systems and certify automatically that these do indeed hold. Our approach is applied to the certification of the verdicts of a deadlock-detection tool for an asynchronous component-based language.
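The division of labour described above, an untrusted analysis tool that emits an invariant as its certificate and a small trusted checker that re-establishes the property from it, can be illustrated on a toy component system. The following Python module is an added example, not the paper's Coq development or its BIP deadlock-detection tool: the component model (local transitions synchronised through interactions), the producer/consumer instance and the three proof obligations the checker discharges (initial state admitted, invariant inductive, every admitted state has an enabled interaction) are assumptions modelled on the abstract's description, not the paper's definitions. The checker never re-runs the analysis; its trust base is the handful of lines in `check_certificate`.

```python
"""Invariant-based certificate for deadlock-freedom, checked independently.

Constructed example: an untrusted "verification tool" proposes an invariant
(here simply the reachable-state set); a small trusted checker confirms that
the invariant holds initially, is preserved by every interaction, and admits
no state in which nothing is enabled.  The component model is a simplified,
BIP-like one assumed for this illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    init: str
    transitions: tuple  # of (src_state, port, dst_state)


@dataclass(frozen=True)
class System:
    components: tuple    # ordered; a global state is a tuple of local states
    interactions: tuple  # each a frozenset of (component_name, port)

    def index(self, name):
        return [c.name for c in self.components].index(name)

    def initial(self):
        return tuple(c.init for c in self.components)

    def fire(self, state, interaction):
        """Successor of `state` under `interaction`, or None if any port is disabled."""
        new = list(state)
        for name, port in interaction:
            i = self.index(name)
            dsts = [dst for src, p, dst in self.components[i].transitions
                    if src == state[i] and p == port]
            if not dsts:
                return None
            new[i] = dsts[0]  # local transitions assumed deterministic per (state, port)
        return tuple(new)

    def successors(self, state):
        return [s for s in (self.fire(state, it) for it in self.interactions) if s is not None]


def generate_certificate(system):
    """Untrusted analysis: explores the state space and returns the reachable set
    as the candidate invariant.  Any bug here is caught by the checker below."""
    seen, frontier = {system.initial()}, [system.initial()]
    while frontier:
        s = frontier.pop()
        for t in system.successors(s):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return frozenset(seen)


def check_certificate(system, invariant):
    """Trusted checker.  Returns (True, 'ok') or (False, reason).  It only
    verifies the proof obligations; it does not redo the analysis."""
    init = system.initial()
    if init not in invariant:
        return False, f"initial state {init} not in invariant"
    for s in invariant:
        succs = system.successors(s)
        for t in succs:
            if t not in invariant:
                return False, f"not inductive: {s} -> {t} leaves invariant"
        if not succs:
            return False, f"deadlock: no interaction enabled in {s}"
    return True, "ok"


# Constructed instance: a producer and a consumer with a synchronised handover.
PRODUCER = Component("P", "idle", (("idle", "produce", "full"), ("full", "put", "idle")))
CONSUMER = Component("C", "empty", (("empty", "get", "got"), ("got", "consume", "empty")))
INTERACTIONS = (frozenset({("P", "produce")}),
                frozenset({("P", "put"), ("C", "get")}),
                frozenset({("C", "consume")}))
GOOD = System((PRODUCER, CONSUMER), INTERACTIONS)

# Variant in which the producer stops after one handover, so the consumer starves.
PRODUCER_ONCE = Component("P", "idle", (("idle", "produce", "full"), ("full", "put", "done")))
BAD = System((PRODUCER_ONCE, CONSUMER), INTERACTIONS)

if __name__ == "__main__":
    print(check_certificate(GOOD, generate_certificate(GOOD)))
    print(check_certificate(GOOD, generate_certificate(GOOD) - {("full", "got")}))
    print(check_certificate(BAD, generate_certificate(BAD)))
```

The second call feeds the checker a certificate with one reachable state removed and is rejected as non-inductive; the third feeds it a faithful reachability result for a system that does deadlock, and the checker reports the stuck state. In both cases the verdict comes from the checker, not from trusting the generator, which is the point of the architecture: the generator may be as complex and optimised as needed, while the checked invariant is what carries the guarantee.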
Generating Invariant-Based Certificates for Embedded Systems