research-article

Generating Invariant-Based Certificates for Embedded Systems

Published: 01 July 2012

Abstract

Automatic verification tools, such as model checkers and tools based on static analysis or on abstract interpretation, have become popular in software and hardware development. They increase confidence and potentially provide rich feedback. However, with increasing complexity, verification tools themselves are more likely to contain errors.

In contrast to automatic verification tools, higher-order theorem provers use mathematically founded proof strategies checked by a small proof checker to guarantee selected properties. Thus, they enjoy a high level of trustability. A property of a software or hardware system, together with its justification, can be encapsulated in a certificate that guarantees the correctness of the system with respect to that property. Such results offer a much higher degree of confidence than results achieved by verification tools. However, higher-order theorem provers are usually slow, due to their general and minimalistic nature. Even for small systems, a lot of human interaction is required to establish a certificate.

In this work, we combine the advantages of automatic verification tools (i.e., speed and automation) with those of higher-order theorem provers (i.e., a high level of trustability). On each invocation, the verification tool generates a certificate, which is then checked by the higher-order theorem prover, thereby guaranteeing the desired property. Generating a certificate is much easier than producing the analysis results of the verification tool in the first place. In our work, we are able to create certificates that come with an algorithmic description of the proof of the desired property as justification. We concentrate on verification tools that generate invariants of systems and certify automatically that these invariants do indeed hold. Our approach is applied to the certification of the verdicts of a deadlock-detection tool for an asynchronous component-based language.
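The division of labour the abstract describes, a fast but untrusted analysis that emits a certificate and a small trusted checker that re-establishes the property from it, can be shown on a toy transition system. The following is an added illustration and not code from the paper or its tools: the "verification tool" is a plain reachability analysis, the "checker" accepts an invariant only if it contains the initial state, is closed under every transition and contains no state without a successor, and the two-process lock system it runs on is constructed for the example (it is not a BIP model, and no theorem prover is involved; the checker here plays the role the paper gives to the proof checker).

```python
"""Invariant-based certificate for deadlock-freedom (constructed example).

An untrusted generator proposes an invariant (a set of states); a small
trusted checker verifies that the set is inductive and free of deadlocks.
Nothing here is taken from the paper's tool chain; the lock system, the
state encoding and the two functions are assumptions of this example.
"""
from typing import Callable, Iterable, List, Optional, Set, Tuple

# State = (pc1, pc2, owner_A, owner_B); an owner is 0 (free), 1 or 2.
State = Tuple[int, int, int, int]
Transition = Callable[[State], Optional[State]]  # None when not enabled
A, B = 0, 1
INIT: State = (0, 0, 0, 0)


def acquire(proc: int, pc: int, lock: int) -> Transition:
    """Process `proc` at program counter `pc` takes `lock` if it is free."""
    def step(s: State) -> Optional[State]:
        pcs, owners = list(s[:2]), list(s[2:])
        if pcs[proc - 1] != pc or owners[lock] != 0:
            return None
        pcs[proc - 1] += 1
        owners[lock] = proc
        return (pcs[0], pcs[1], owners[0], owners[1])
    return step


def release_all(proc: int, pc: int) -> Transition:
    """Process `proc` at `pc` releases every lock it owns and restarts."""
    def step(s: State) -> Optional[State]:
        pcs, owners = list(s[:2]), list(s[2:])
        if pcs[proc - 1] != pc:
            return None
        pcs[proc - 1] = 0
        owners = [0 if o == proc else o for o in owners]
        return (pcs[0], pcs[1], owners[0], owners[1])
    return step


# Both processes take lock A, then lock B: no deadlock is reachable.
ORDERED: List[Transition] = [acquire(1, 0, A), acquire(1, 1, B), release_all(1, 2),
                             acquire(2, 0, A), acquire(2, 1, B), release_all(2, 2)]
# Process 2 takes B first: each process can hold one lock and wait forever.
UNORDERED: List[Transition] = [acquire(1, 0, A), acquire(1, 1, B), release_all(1, 2),
                               acquire(2, 0, B), acquire(2, 1, A), release_all(2, 2)]


def successors(s: State, transitions: List[Transition]) -> Iterable[State]:
    """Yield the target of every transition enabled in state `s`."""
    for t in transitions:
        nxt = t(s)
        if nxt is not None:
            yield nxt


# Untrusted part: the "verification tool". A bug here cannot produce a
# wrong verdict, because its output is re-checked below.
def generate_certificate(init: State, transitions: List[Transition]) -> Set[State]:
    """Explicit-state reachability; the reachable set is the strongest invariant."""
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for nxt in successors(s, transitions):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


# Trusted part: small, and independent of how the invariant was found.
def check_certificate(init: State, transitions: List[Transition],
                      inv: Set[State]) -> Tuple[bool, str]:
    """Accept `inv` iff it covers `init`, is closed under all transitions,
    and every state in it has at least one enabled transition."""
    if init not in inv:
        return False, "initial state not covered"
    for s in inv:
        succs = list(successors(s, transitions))
        if not succs:
            return False, f"deadlock state in invariant: {s}"
        for nxt in succs:
            if nxt not in inv:
                return False, f"not inductive: {s} -> {nxt} leaves invariant"
    return True, "certificate accepted: deadlock-free"


if __name__ == "__main__":
    for name, system in (("ordered", ORDERED), ("unordered", UNORDERED)):
        cert = generate_certificate(INIT, system)
        print(name, len(cert), "states:", check_certificate(INIT, system, cert)[1])
    # A hand-made, too-small certificate is rejected for not being inductive.
    print("bogus:", check_certificate(INIT, ORDERED, {INIT})[1])
```

The checker never looks at how the invariant was computed, so the reachability analysis could be replaced by any invariant generator (or by a buggy one) without widening the trusted base; only the three checks and the model semantics have to be right, which is the argument the abstract makes for checking certificates rather than trusting the tool.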
