Formal Verification of a Memory Allocation Module of Contiki with Frama-C: A Case Study [chapter]

Frédéric Mangano, Simon Duquennoy, Nikolai Kosmatov
2017 Lecture Notes in Computer Science  
We present the target module, describe how the code has been specified and proven using Frama-C, a software analysis platform for C code, and discuss lessons learned.  ...  We present a successful case study on deductive verification of a memory allocation module of Contiki, a popular open-source operating system for IoT.  ...  The second author has also been partially supported by a grant from CPER Nord-Pas-de-Calais/FEDER DATA and the distributed environment Ecare@Home funded by the Swedish Knowledge Foundation 2015-2019.  ... 
doi:10.1007/978-3-319-54876-0_9 fatcat:zh7kblyebvez3fer45sjycrqhu

Formal Verification of Numerical Programs: From C Annotated Programs to Mechanical Proofs

Sylvie Boldo, Claude Marché
2011 Mathematics in Computer Science  
To achieve this high level of confidence on C programs, we use a chain of tools: Frama-C, its Jessie plugin, Why and provers among Coq, Gappa, Alt-Ergo, CVC3 and Z3.  ...  Numerical programs may require a high level of guarantee. This can be achieved by applying formal methods, such as machine-checked proofs.  ...  An early work on floating-point support in JML for Java is presented in 2006 by Leavens [29] , where mostly runtime assertion checking is considered.  ... 
doi:10.1007/s11786-011-0099-9 fatcat:n3phbi6ulzdijnlra54hr66pu4

Climbing the Software Assurance Ladder - Practical Formal Verification for Reliable Software

Yannick Moy
2019 Electronic Communications of the EASST  
At one extreme, software with one unknown bug is not reliable. At the other extreme, perfect software is fully reliable.  ...  Experience of both long-term and new users helped us define adoption and usage guidelines for SPARK based on five levels of increasing assurance that map well with industrial needs in practice.  ...  We would like to thank the anonymous referees for their useful remarks, as well as our colleagues at AdaCore, Altran and Thales for their reviews on earlier drafts of this article. Bibliography  ... 
doi:10.14279/tuj.eceasst.76.1069 dblp:journals/eceasst/Moy18 fatcat:sz6t37y4nfg37dylrkrnv22z34

Challenges in High-Assurance Runtime Verification [chapter]

Alwyn Goodloe
2016 Lecture Notes in Computer Science  
Runtime Verification (RV) has the potential to provide protections when a system cannot be assured by conventional means, but only if the RV itself can be trusted.  ...  In this paper, we proffer a number of challenges to realizing high-assurance RV and illustrate how we have addressed them in our research.  ...  Acknowledgements: The Copilot project has been conducted in collaboration with Dr. Lee Pike (Galois).  ... 
doi:10.1007/978-3-319-47166-2_31 fatcat:kd4mxzjkb5a4ropkprkuvzqjnq

Designing a verifying compiler: Lessons learned from developing Whiley

David J. Pearce, Lindsay Groves
2015 Science of Computer Programming  
Several impressive systems have been developed to this end, such as ESC/Java and Spec#, which build on existing programming languages (e.g., Java, C#).  ...  An ongoing challenge for computer science is the development of a tool which automatically verifies programs meet their specifications, and are free from runtime errors such as divide-by-zero, array out-of-bounds  ...  Frama-C Frama-C provides a set of sound software analyses for the industrial analysis of ISO C99 source code [91] .  ... 
doi:10.1016/j.scico.2015.09.006 fatcat:epbssye4uncdvk5pk74epbyeay

Report of the HPC Correctness Summit, Jan 25--26, 2017, Washington, DC [article]

Ganesh Gopalakrishnan and Paul D. Hovland and Costin Iancu and Sriram Krishnamoorthy and Ignacio Laguna and Richard A. Lethin and Koushik Sen and Stephen F. Siegel and Armando Solar-Lezama
2017 arXiv   pre-print
We close with the proposal for a two-day workshop in which the problems identified in this report can be more broadly discussed, and specific plans to launch these new research thrusts identified.  ...  In this study, we detail one of the most significant productivity challenges in achieving this goal, namely the increasing proclivity to bugs, especially in the face of growing hardware and software heterogeneity  ...  In C, for example, assert statements are checked at runtime and a diagnostic message is printed if one fails.  ... 
arXiv:1705.07478v1 fatcat:2rebouk2tvbqhcfthfhz5abd7i

Code‐level model checking in the software development workflow at Amazon Web Services

Nathan Chong, Byron Cook, Jonathan Eidelman, Konstantinos Kallas, Kareem Khazem, Felipe R. Monteiro, Daniel Schwartz‐Narbonne, Serdar Tasiran, Michael Tautschnig, Mark R. Tuttle
2021 Software, Practice & Experience  
This article describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services (AWS).  ...  Using our methodology, we find that we can prove the correctness of industrial low-level C-based systems with reasonable effort and predictability.  ...  As we discuss in Section 4.1, CBMC harnesses and annotations are both written in C, which makes them easier for developers to write, and allows them to be checked as runtime assertions.  ... 
doi:10.1002/spe.2949 fatcat:3sirdpatwbdxvkard4fghvs3l4

Proving Memory Separation in a Microkernel by Code Level Verification

Christoph Baumann, Thorsten Bormer, Holger Blasum, Sergey Tverdyshev
2011 14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops  
PikeOS allows applications with different safety and security levels to run on the same hardware.  ...  Obviously, a mixed-criticality system built on PikeOS relies on the correct implementation of the separation mechanisms.  ...  Acknowledgment The authors acknowledge joint work with Jérôme Creci, Dilyana Dimova as well as fruitful discussions on the VCC codeplex forum [6] , in particular with Mark Hillebrand.  ... 
doi:10.1109/isorcw.2011.14 dblp:conf/isorc/BaumannBBT11 fatcat:jd7nau5xabhppojfpfp5uinaxy

First international Competition on Runtime Verification: rules, benchmarks, tools, and final results of CRV 2014

Ezio Bartocci, Yliès Falcone, Borzoo Bonakdarpour, Christian Colombo, Normann Decker, Klaus Havelund, Yogi Joshi, Felix Klaedtke, Reed Milewicz, Giles Reger, Grigore Rosu, Julien Signoles (+3 others)
2017 International Journal on Software Tools for Technology Transfer (STTT)  
The first international Competition on Runtime Verification (CRV) was held in September 2014, in Toronto, Canada, as a satellite event of the 14th international conference on Runtime Verification (RV'14  ...  In this paper, we report on the phases and rules, a description of the participating teams and their submitted benchmark, the (full) results, as well as the lessons learned from the competition.  ...  The research performed by Klaus Havelund was carried out at Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration.  ... 
doi:10.1007/s10009-017-0454-5 fatcat:u6hmnzu5tbedtcw7hpjodrgzom

Let's verify this with Why3

François Bobot, Jean-Christophe Filliâtre, Claude Marché, Andrei Paskevich
2014 International Journal on Software Tools for Technology Transfer (STTT)  
13] for Java and Frama-C [10] and its Jessie plug-in [14] for C.  ...  On a language such as C or Java, one immediately faces the extra burden of showing the absence of runtime errors such as integer overflow and invalid pointer dereferencing.  ... 
doi:10.1007/s10009-014-0314-5 fatcat:qwxwipskdneararprehtj4qlla

Continuous Formal Verification of Amazon s2n [chapter]

Andrey Chudnov, Nathan Collins, Byron Cook, Joey Dodds, Brian Huffman, Colm MacCárthaigh, Stephen Magill, Eric Mertens, Eric Mullen, Serdar Tasiran, Aaron Tomb, Eddy Westbrook
2018 Lecture Notes in Computer Science  
A key aspect of this proof infrastructure is continuous checking, to ensure that properties remain proved during the lifetime of the software.  ...  At each change to the code, proofs are automatically re-established with little to no interaction from the developers.  ...  Static analysis for hand-written cryptographic implementations has been previously reported in the context of Frama-C/PolarSSL [23], focusing on scaling memory safety verification to a large body of code  ... 
doi:10.1007/978-3-319-96142-2_26 fatcat:tefiqbkw7rdj7b23utmxg2uwia

ÜBERSPARK † : Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor

Amit Vasudevan, Sagar Chaki, Petros Maniatis, Limin Jia, Anupam Datta
unpublished
After verification, the C code is compiled using a certified compiler while the CASM code is translated into its corresponding Assembly instructions.  ...  endowing low-level system software with abstractions found in higher-level languages (e.g., objects, interfaces, function-call semantics for implementations of interfaces, access control on interfaces  ...  This work was partially supported by the Intel Science and Technology Center for Secure Computing, AFOSR MURI on Science of Cybersecurity, the NSA/CMU Science of Security Lablet, and the NSF CNS-1018061  ... 
fatcat:mrbfimn2nrcubbhxuuv5vfrxxa

Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols [article]

François Dupressoir and Andrew D. Gordon and Jan Jürjens and David A. Naumann
2013 arXiv   pre-print
with contracts based on symbolic terms; and expression of the attacker model in terms of C programs.  ...  We describe how to verify security properties of C code for cryptographic protocols by using a general-purpose verifier. We prove security theorems in the symbolic model of cryptography.  ...  Mark Hillebrand and Michał Moskal helped with VCC methodology, and Stephan Tobies helped with understanding VCC internals.  ... 
arXiv:1312.6532v1 fatcat:fxoqlmwb4ffbxchnizwxi4eyma

QuickChecking Static Analysis Properties

Jan Midtgaard, Anders Møller
2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)  
A second approach emits an inferred analysis invariant as a C assertion for each program and tests whether the assertion holds when executing the decorated program.  ... 
doi:10.1109/icst.2015.7102603 dblp:conf/icst/MidtgaardM15 fatcat:sfpdlupzifhl5jrj4xebx3yg3a

Model Checking AUTOSAR Components with CBMC [article]

Timothee Durand, Katalin Fazekas, Georg Weissenbacher, Jakob Zwirchmayr
2021
Automated formal verification techniques (such as Model Checking) enable the quick detection of intricate software bugs and can, to a limited extent, even guarantee their absence.  ...  We report our efforts to deploy the openly available verification tool CBMC to verify AUTOSAR Software Components and Complex Device Drivers using Bounded Model Checking and k-induction combined with upfront  ...  To verify the results of the function pointer analysis, the bodies of functions that are unreachable according to Frama-C are replaced with failing assertions which are then checked using CBMC. D.  ... 
doi:10.34727/2021/isbn.978-3-85448-046-4_18 fatcat:tpg2ll5uo5ertaabmda2qkftc4