scholarly journals Formal Replay of Translation Validation for Highly Optimised C

10.29007/dw2m ◽  
2018 ◽  
Author(s):  
Thomas Sewell
Keyword(s):  
Gold Standard ◽  
Program Verification ◽  
Theorem Prover ◽  
Worked Example ◽  
Translation Validation ◽  
Smt Solvers ◽  
Ongoing Effort ◽  
Formal Rule ◽  
Standard Level ◽  
Rule Set

In previous work [Sewell, Myreen and Klein, 2013] we have implemented atranslation validation mechanism for checking that a C compiler is adheringto the expected semantics of a verified program. We used this apparatus tocheck the compilation of the seL4 verified operating systemkernel [Klein et.al. 2009] by GCC 4.5.1. To get this result, wecarefully chose a problem representation that worked well with certain highlyoptimised SMT solvers. This raises a question of correctness. While we areconfident the result is correct, we still aim to replay this result with themost dependable tools available.In this work we present a formalisation of the proof rules needed to replaythe translation check within the theorem prover Isabelle/HOL. This is part ofan ongoing effort to bring the entire translation validation result within asingle trusted proof engine and derive a single correctness theorem, thusreaching the gold standard level of trustworthiness for program verification.We had hoped to present the formal rule set in action through a worked example.Unfortunately while we have all the theory we need, the mechanisms forselecting and applying the rules and discharging certain side conditions remaina work in progress, and our example proof is incomplete.

scholarly journals VS3: SMT Solvers for Program Verification

2009 ◽  
pp. 702-708 ◽  
Author(s):  
Saurabh Srivastava ◽  
Sumit Gulwani ◽  
Jeffrey S. Foster
Keyword(s):  
Program Verification ◽  
Smt Solvers

scholarly journals Continuous Verification of Network Security Compliance

2021 ◽  
Author(s):  
Claas Lorenz ◽  
Vera Clemens ◽  
Max Schrötter ◽  
Bettina Schnor
Keyword(s):  
Network Security ◽  
Formal Language ◽  
Theorem Prover ◽  
Domain Specific ◽  
Rule Sets ◽  
Rule Set ◽  
Verification Tools ◽  
Data Structures And Algorithms ◽  
Security Compliance ◽  
High Level

Continuous verification of network security compliance is an accepted need. Especially, the analysis of stateful packet filters plays a central role for network security in practice. But the few existing tools which support the analysis of stateful packet filters are based on general applicable formal methods like Satifiability Modulo Theories (SMT) or theorem prover and show runtimes in the order of minutes to hours making them unsuitable for continuous compliance verification.<br>In this work, we address these challenges and present the concept of state shell interweaving to transform a stateful firewall rule set into a stateless rule set. This allows us to reuse any fast domain specific engine from the field of data plane verification tools leveraging smart, very fast, and domain specialized data structures and algorithms including Header Space Analysis (HSA). First, we introduce the formal language FPL that enables a high-level human-understandable specification of the desired state of network security. Second, we demonstrate the instantiation of a compliance process using a verification framework that analyzes the configuration of complex networks and devices - including stateful firewalls - for compliance with FPL policies. Our evaluation results show the scalability of the presented approach for the well known Internet2 and Stanford benchmarks as well as for large firewall rule sets where it outscales state-of-the-art tools by a factor of over 41.

scholarly journals AN EMPIRICAL EVALUATION OF AUTOMATED THEOREM PROVERS IN SOFTWARE CERTIFICATION

2006 ◽  
Vol 15 (01) ◽  
pp. 81-107 ◽  
Author(s):  
EWEN DENNEY ◽  
BERND FISCHER ◽  
JOHANN SCHUMANN
Keyword(s):  
System Architecture ◽  
High Performance ◽  
Program Verification ◽  
Source Code ◽  
Empirical Evaluation ◽  
Theorem Prover ◽  
Safety Properties ◽  
Proof Checking ◽  
First Order ◽  
The Individual

We describe a system for the automated certification of safety properties of NASA software. The system uses Hoare-style program verification technology to generate proof obligations which are then processed by an automated first-order theorem prover (ATP). We discuss the unique requirements this application places on the ATPs, focusing on automation, proof checking, traceability, and usability, and describe the resulting system architecture, including a certification browser that maintains and displays links between obligations and source code locations. For full automation, the obligations must be aggressively preprocessed and simplified, and we demonstrate how the individual simplification stages, which are implemented by rewriting, influence the ability of the ATPs to solve the proof tasks. Our results are based on 13 comprehensive certification experiments that lead to 366 top-level safety obligations and ultimately to more than 25,000 proof tasks which have been used to determine the suitability of the high-performance provers DCTP, E-Setheo, E, Gandalf, Otter, Setheo, Spass, and Vampire, and our associated infrastructure. The proofs found by Otter have been checked by Ivy.

scholarly journals Complete decision procedure for the theory of bounded pointer arithmetic based on quantifier instantiation and SMT

2021 ◽  
Vol 33 (4) ◽  
pp. 177-194
Author(s):  
Rafael Faritovich Sadykov ◽  
Mikhail Usamovich Mandrykin
Keyword(s):  
Program Verification ◽  
Source Code ◽  
Decision Procedures ◽  
C Programs ◽  
Smt Solver ◽  
Smt Solvers ◽  
Relevant Logics ◽  
Soundness And Completeness ◽  
C Program ◽  
Quantifier Instantiation

The process of developing C programs is quite often prone to errors related to the uses of pointer arithmetic and operations on memory addresses. This promotes a need in developing various tools for automated program verification. One of the techniques frequently employed by those tools is invocation of appropriate decision procedures implemented within existing SMT-solvers. But at the same time both the SMT standard and most existing SMT-solvers lack the relevant logics (combinations of logical theories) for directly and precisely modelling the semantics of pointer operations in C. One of the possible ways to support these logics is to implement them in an SMT solver, but this approach can be time-consuming (as requires modifying the solver’s source code), inflexible (introducing any changes to the theory’s signature or semantics can be unreasonably hard) and limited (every solver has to be supported separately). Another way is to design and implement custom quantifier instantiation strategies. These strategies can be then used to translate formulas in the desired theory combinations to formulas in well-supported decidable logics such as QF_UFLIA. In this paper, we present an instantiation procedure for translating formulas in the theory of bounded pointer arithmetic into the QF_UFLIA logic. We formally proved soundness and completeness of our instantiation procedure in Isabelle/HOL. The paper presents an informal description of this proof of the proposed procedure. The theory of bounded pointer arithmetic itself was formulated based on known errors regarding the correct use of pointer arithmetic operations in industrial code as well as the semantics of these operations specified in the C standard. Similar procedure can also be defined for a practically relevant fragment of the theory of bit vectors (monotone propositional combinations of equalities between bitwise expressions). Our approach is sufficient to obtain efficient decision procedures implemented as Isabelle/HOL proof methods for several decidable logical theories used in C program verification by relying on the existing capabilities of well-known SMT solvers, such as Z3 and proof reconstruction capabilities of the Isabelle/HOL proof assistant.

scholarly journals Integrating Owicki–Gries for C11-Style Memory Models into Isabelle/HOL

2021 ◽  
Author(s):  
Sadegh Dalvandi ◽  
Brijesh Dongol ◽  
Simon Doherty ◽  
Heike Wehrheim
Keyword(s):  
Program Verification ◽  
Memory Models ◽  
Theorem Prover ◽  
Hoare Logic ◽  
Deductive Verification ◽  
High Level

AbstractWeak memory presents a new challenge for program verification and has resulted in the development of a variety of specialised logics. For C11-style memory models, our previous work has shown that it is possible to extend Hoare logic and Owicki–Gries reasoning to verify correctness of weak memory programs. The technique introduces a set of high-level assertions over C11 states together with a set of basic Hoare-style axioms over atomic weak memory statements (e.g. reads/writes), but retains all other standard proof obligations for compound statements. This paper takes this line of work further by introducing the first deductive verification environment in Isabelle/HOL for C11-like weak memory programs. This verification environment is built on the Nipkow and Nieto’s encoding of Owicki–Gries in the Isabelle theorem prover. We exemplify our techniques over several litmus tests from the literature and two non-trivial examples: Peterson’s algorithm and a read–copy–update algorithm adapted for C11. For the examples we consider, the proof outlines can be automatically discharged using the existing Isabelle tactics developed by Nipkow and Nieto. The benefit here is that programs can be written using a familiar pseudocode syntax with assertions embedded directly into the program.

scholarly journals An Inference Rule for the Acyclicity Property of Term Algebras

10.29007/tlw4 ◽  
2018 ◽  
Author(s):  
Simon Robillard
Keyword(s):  
Computer Science ◽  
Inference Rule ◽  
Theorem Prover ◽  
Science Reasoning ◽  
First Order ◽  
Theorem Provers ◽  
Smt Solvers ◽  
Indexing Technique ◽  
Superposition Calculus

Term algebras are important structures in many areas of mathematics and computer science. Reasoning about their theories in superposition-based first-order theorem provers is made difficult by the acyclicity property of terms, which is not finitely axiomatizable. We present an inference rule that extends the superposition calculus and allows reasoning about term algebras without axioms to describe the acyclicity property. We detail an indexing technique to efficiently apply this rule in problems containing a large number of clauses. Finally we experimentally evaluate an implementation of this extended calculus in the first-order theorem prover Vampire. The results show that this technique is able to find proofs for difficult problems that existing SMT solvers and first-order theorem provers are unable to solve.

scholarly journals KAT and PHL in Coq

2008 ◽  
Vol 5 (2) ◽  
pp. 137-160 ◽  
Author(s):  
David Pereira ◽  
Nelma Moreira
Keyword(s):  
Program Verification ◽  
Theorem Prover ◽  
Hoare Logic ◽  
Automatic Production ◽  
Kleene Algebra ◽  
Source Level ◽  
Deduction Rules

In this article we describe an implementation of Kleene algebra with tests (KAT) in the Coq theorem prover. KAT is an equational system that has been successfully applied in program verification and, in particular, it subsumes the propositional Hoare logic (PHL). We also present an PHL encoding in KAT, by deriving its deduction rules as theorems of KAT. Some examples of simple program's formal correctness are given. This work is part of a study of the feasibility of using KAT in the automatic production of certificates in the context of (source-level) Proof-Carrying-Code (PCC). .

scholarly journals AVATAR Modulo Theories

10.29007/k6tp ◽  
2018 ◽  
Author(s):  
Giles Reger ◽  
Nikolaj Bjorner ◽  
Martin Suda ◽  
Andrei Voronkov
Keyword(s):  
Theorem Proving ◽  
Satisfiability Modulo Theories ◽  
Theorem Prover ◽  
Ground Theory ◽  
Smt Solver ◽  
First Order ◽  
Proof Search ◽  
Smt Solvers ◽  
Sat Solver ◽  
A New Technique

This paper introduces a new technique for reasoning with quantifiers and theories. Traditionally, first-order theorem provers (ATPs) are well suited to reasoning with first-order problems containing many quantifiers and satisfiability modulo theories (SMT) solvers are well suited to reasoning with first-order problems in ground theories such as arithmetic. A recent development in first-order theorem proving has been the AVATAR architecture which uses a SAT solver to guide proof search based on a propositional abstraction of the first-order clause space. The approach turns a single proof search into a sequence of proof searches on (much) smaller sub-problems. This work extends the AVATAR approach to use a SMT solver in place of the SAT solver, with the effect that the first-order solver only needs to consider ground-theory-consistent sub-problems. The new architecture has been implemented using the Vampire theorem prover and Z3 SMT solver. Our experimental results, and the results of recent competitions, show that such a combination can be highly effective.

scholarly journals Planned missing data in early literacy interventions: A replication study with an additional gold standard

PLoS ONE ◽  
2021 ◽  
Vol 16 (3) ◽  
pp. e0249175
Author(s):  
Ralph C. A. Rippe ◽  
Inge Merkelbach
Keyword(s):  
Missing Data ◽  
Early Literacy ◽  
Gold Standard ◽  
Convergent Validity ◽  
Late Preterm ◽  
Literacy Intervention ◽  
Literacy Interventions ◽  
Planned Missing Data ◽  
Standard Level ◽  
Planned Missing

Introduction In a digital early literacy intervention RCT, children born late preterm fell behind peers when in a control condition, but outperformed them when assigned to the intervention. Results did however not replicate previous findings. Replication is often complicated by resource quality. Gold Standard measures are generally time-intensive and costly, while they closely align with, and are more sensitive to changes in, early literacy and language performance. A planned missing data approach, leaving these gold standard measures incomplete, might aid in addressing the origin(s) of non-replication. Methods Participants after consent were 695 p Dutch primary school pupils of normal and late preterm birth. The high-quality measures, in additional to simpler but complete measures, were intentionally administered to a random subsample of children. Five definitions of gold standard alignment were evaluated. Results Two out of five gold standard levels improved precision compared to the original results. The lowest gold standard level did not lead to improvement: precision was actually diminished. In two gold standard definitions, an alphabetical factor and a writing-only factor the model estimates were comparable to the original results. Only the most precise definition of the gold standard level replicated the original results. Conclusion Gold standard measures could only be used to improve model efficiency in RCT-designs under sufficiently high convergent validity.

Sign in / Sign up

Export Citation Format

Share Document