
An Isabelle Proof Method Language [chapter]

Daniel Matichuk, Makarius Wenzel, Toby Murray
2014 Lecture Notes in Computer Science  
Machine-checked proofs are becoming ever-larger, presenting an increasing maintenance challenge. Isabelle's most popular language interface, Isar, is attractive for new users, and powerful in the hands of experts, but has previously lacked a means to write automated proof procedures. This can lead to more duplication in large proofs than is acceptable. In this paper we present Eisbach, a proof method language for Isabelle, which aims to fill this gap by incorporating Isar language elements, making it accessible to existing users. We describe the language and the design principles on which it was developed. We evaluate its effectiveness by implementing some tactics widely-used in the seL4 verification stack, and report on its strengths and limitations.
doi:10.1007/978-3-319-08970-6_25 fatcat:j32ukqtr35di5emlzbcpqlwta4

Noninterference for Operating System Kernels [chapter]

Toby Murray, Daniel Matichuk, Matthew Brassil, Peter Gammie, Gerwin Klein
2012 Lecture Notes in Computer Science  
While intransitive noninterference is a natural property for any secure OS kernel to enforce, proving that the implementation of any particular general-purpose kernel enforces this property is yet to be achieved. In this paper we take a significant step towards this vision by presenting a machine-checked formulation of intransitive noninterference for OS kernels, and its associated sound and complete unwinding conditions, as well as a scalable proof calculus over nondeterministic state monads for discharging these unwinding conditions across a kernel's implementation. Our ongoing experience applying this noninterference framework and proof calculus to the seL4 microkernel validates their utility and real-world applicability.
doi:10.1007/978-3-642-35308-6_12 fatcat:6ungrww2brhyfephpjgptbfm5a

Mining the Archive of Formal Proofs [chapter]

Jasmin Christian Blanchette, Maximilian Haslbeck, Daniel Matichuk, Tobias Nipkow
2015 Lecture Notes in Computer Science  
doi:10.1007/978-3-319-20615-8_1 fatcat:l3oyqzboc5bzhdxzfhhow6ahbi

Automatic Function Annotations for Hoare Logic

Daniel Matichuk
2012 Electronic Proceedings in Theoretical Computer Science  
In systems verification we are often concerned with multiple, inter-dependent properties that a program must satisfy. To prove that a program satisfies a given property, the correctness of intermediate states of the program must be characterized. However, this intermediate reasoning is not always phrased such that it can be easily re-used in the proofs of subsequent properties. We introduce a function annotation logic that extends Hoare logic in two important ways: (1) when proving that a function satisfies a Hoare triple, intermediate reasoning is automatically stored as function annotations, and (2) these function annotations can be exploited in future Hoare logic proofs. This reduces duplication of reasoning between the proofs of different properties, whilst serving as a drop-in replacement for traditional Hoare logic to avoid the costly process of proof refactoring. We explain how this was implemented in Isabelle/HOL and applied to an experimental branch of the seL4 microkernel to significantly reduce the size and complexity of existing proofs.
doi:10.4204/eptcs.102.6 fatcat:inymqhsu5fdfnmqemopcwuhz3u

Provably trustworthy systems

Gerwin Klein, June Andronick, Gabriele Keller, Daniel Matichuk, Toby Murray, Liam O'Connor
2017 Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences  
Matichuk designed and implemented the spec and proof size metrics, and carried out their data collection in the proof estimation work; Toby Murray implemented and carried out metric evaluation work for  ...  June Andronick was involved in the proof engineering estimation work, in particular in collecting and measuring proof effort and data analysis; Gabriele Keller lead the code/proof co-generation project; Daniel  ... 
doi:10.1098/rsta.2015.0404 pmid:28871053 fatcat:cqrp6q4u7bhw3jgrw5sbbyt5zy

Proof of OS Scheduling Behavior in the Presence of Interrupt-Induced Concurrency [chapter]

June Andronick, Corey Lewis, Daniel Matichuk, Carroll Morgan, Christine Rizkallah
2016 Lecture Notes in Computer Science  
We present a simple yet scalable framework for formal reasoning and machine-assisted proof of interrupt-driven concurrency in operating-system code, and use it to prove the principal scheduling property of the embedded, real-time eChronos OS: that the running task is always the highest-priority runnable task. The key differentiator of this verification is that the OS code itself runs with interrupts on, even within the scheduler, to minimise latency. Our reasoning includes context switching, interleaving with interrupt handlers and nested interrupts; and it is formalised in Isabelle/HOL, building on the Owicki-Gries method for fine-grained concurrency. We add support for explicit concurrency control and the composition of multiple independently-proven invariants. Finally, we discuss how scalability issues are addressed with proof engineering techniques, in order to handle thousands of proof obligations.
doi:10.1007/978-3-319-43144-4_4 fatcat:atb66cfup5hvhha64uhddsfk4q

Bridging the Gap: Automatic Verified Abstraction of C [chapter]

David Greenaway, June Andronick, Gerwin Klein
2012 Lecture Notes in Computer Science  
Acknowledgements We are grateful to Matthias Daum, Daniel Matichuk, Thomas Sewell and the anonymous reviewers for their feedback on drafts of this paper.  ... 
doi:10.1007/978-3-642-32347-8_8 fatcat:zbzmtczojjflvhr27bcatmzbse

A Proof Strategy Language and Proof Script Generation for Isabelle/HOL [article]

Yutaka Nagashima, Ramana Kumar
2017 arXiv   pre-print
Leonardo de Moura, Daniel Matichuk, Kai Engelhardt, and Gerwin Klein provided valuable comments on an early draft of this paper.  ... 
arXiv:1606.02941v9 fatcat:m7f7jzd345a3nffibwnb64rzjy

Estimation of black carbon emissions from Siberian fires using satellite observations of absorption and extinction optical depths

Igor B. Konovalov, Daria A. Lvova, Matthias Beekmann, Hiren Jethva, Eugene F. Mikhailov, Jean-Daniel Paris, Boris D. Belan, Valerii S. Kozlov, Philippe Ciais, Meinrat O. Andreae
2018 Atmospheric Chemistry and Physics Discussions  
., Ichoku and Kaufman, 2005; Matichuk et al., 2008; Kaiser et al., 2012; Petrenko et al., 2012; Huneeus et al., 2013; Xu et al., 2013; Atmos. Chem. Phys.  ... 
doi:10.5194/acp-2018-469 fatcat:otashe7odnguhkjbhzv2ctqoki

Estimation of black carbon emissions from Siberian fires using satellite observations of absorption and extinction optical depths

Igor B. Konovalov, Daria A. Lvova, Matthias Beekmann, Hiren Jethva, Eugene F. Mikhailov, Jean-Daniel Paris, Boris D. Belan, Valerii S. Kozlov, Philippe Ciais, Meinrat O. Andreae
2018 Atmospheric Chemistry and Physics  
., Ichoku and Kaufman, 2005; Matichuk et al., 2008; Kaiser et al., 2012; Petrenko et al., 2012, 2017; Huneeus et al., 2013; Xu et al., 2013; Konovalov et al., 2014, ...
doi:10.5194/acp-18-14889-2018 fatcat:on4vrfudojfihpj2p2fihgigjm

Comprehensive formal verification of an OS microkernel

Gerwin Klein, June Andronick, Kevin Elphinstone, Toby Murray, Thomas Sewell, Rafal Kolanski, Gernot Heiser
2014 ACM Transactions on Computer Systems  
Matichuk, Jia Meng, Catherine Menon, Magnus Myreen, Michael Norrish, Sean Seefried, Yao Shi, David Tsai, Harvey Tuch, Adam Walker, and  ...  Bourke, Matthew Brassil, Adrian Danis, Matthias Daum, Jeremy Dawson, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Matthew Fernandez, Peter Gammie, Xin Gao, David Greenaway, Ihor Kuz, Corey Lewis, Daniel  ... 
doi:10.1145/2560537 fatcat:wgaqjtqacfen3nd2apj4z4eldm

From Prohibition to Administrative Regulation: The Battle for Liquor Control in Alberta, 1916 to 1939

Sarah E. M. Hamill
At least one Ukrainian Albertan, TJ Matichuk, attempted to access the protections afforded by a good reputation.  ...  Hurley (London: Penguin, 1998) at 140. 20 Jessica Warner, "A Foucauldian Hangover", Book Review of Try to Control Yourself: The Regulation of Public Drinking in Post-Prohibition Ontario, 1927-44 by Daniel  ...
doi:10.7939/r3t727q37 fatcat:g7rlh2hm2nbpxmbmhm2glzwcjy

Constraints on ozone removal by land and implications for 21st Century ozone pollution

Olivia Elaine Clifton
For this image, we use the WindRose MATLAB package created by Daniel Pereira. Figure C.13, Figure C.14: Multiyear June-September hourly mean stomatal conductance (g_s) at Harvard Forest.  ...  Although previous studies have examined the wintertime O3 sensitivity to O3 DD over the polluted Uintah oil and gas basin in western US (Matichuk et al., 2017) and boreal and arctic regions (Helmig et  ...
doi:10.7916/d8709j8t fatcat:u2msmckpezabvelgokm3ixiym4