Technical presentation
|
|
- Gervais Hensley
- 5 years ago
- Views:
Transcription
1 TOWARDS A COGNITIVE COMPUTING PLATFORM SUPPORTING A UNIFIED APPROACH TOWARDS PRIVACY, SECURITY AND SAFETY (PSS) OF IOT SYSTEMS The VESSEDIA Project Technical presentation Armand PUCCETTI, CEA Rome, 11th October 2018 CHARIOT 1 st Workshop, 11 October 2018, Rome 1
2 Project objectives VESSEDIA is H2020 project in Work programme DS Assurance and Certification for Trustworthy and Secure ICT systems, services and components Aims at developing tools to improve the V&V of IoT software applications, inspired from the tools used already for safety-critical embedded systems. Tools to reason at source code level Tools to V&V formally some code and provide a 100% guarantee that all possible faults of given categories are extracted Tools for large-scale applications Tools combined with Dynamic Analysis tools Tools supported by a V&V methodology Tools referring CWE items Tools for easy use by any IoT developer of C/C++/Java code CHARIOT 1 st Workshop, 11 October 2018, Rome 2
3 Source code analysis Source code is the most adequate level representation of a software on which a developer reasons, suitable for analysis. We address C, C++ and Java languages and improve their analysis tools C, C++ and Java for mobile applications, and interfaces to binary/assembler vulnerabilities detection tools. CHARIOT 1 st Workshop, 11 October 2018, Rome 3
4 V&V Tools Frama-C Formal methods are based on mathematical models of programs (e.g. Z for integers) to reason about programs. Formal methods use a formal semantics of programs to understand their computational model, e.g. operational semantics, denotational semantics or axiomatic semantics. For imperative programming languages, the preferred formal methods are Hoare Logic and Abstract Interpretation. Hoare, C. A. R. "An axiomatic basis for computer programming. Communications of the ACM. 12 (10): 576, 580, October R. W. Floyd. "Assigning meanings to programs." Proceedings of the American Mathematical Society Symposia on Applied Mathematics. Vol. 19, pp P. Cousot & R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. Conference Record of the Sixth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages , Los Angeles, California, ACM Press, New York. CHARIOT 1 st Workshop, 11 October 2018, Rome 4
5 Abstract Interpretation Plug-in EVA (Evolved Value Analysis)
6 An example with Frama-C EVA 1 #include <stdlib.h> 2 3 int main() { 4 int * tab = (int *) malloc(sizeof(int)*10); 5 int i; 6 7 /*@ loop pragma UNROLL 10; */ 8 for ( i=0; i<11; i++ ) 9 tab[i]=1; 10 return 0; } Assuming the platform is Linux x86_64 and using the Frama-C built-ins for libc, the analysis produces: [eva:alarm] f.c:9: Warning: out of bounds write. assert \valid(tab + i); CHARIOT 1 st Workshop, 11 October 2018, Rome 6
7 Hoare Logic Plug-in WP (Weakest Preconditions calculus)
8 An example with Frama-C ACSL - iota Assign sequentially increasing values to a range, where the initial value is user-defined. The signature reads: void iota(value_type* a, size_type n, value_type val); Starting at val, the function assigns consecutive integers to the elements of the range a. Be careful to deal with possible overflows of the argument val! predicate Iota(value_type* a, integer n, value_type v) = \forall integer i; 0 <= i < n ==> a[i] == v + i; The specification of this function is /*@ requires \valid(a + (0..n-1)); requires limit: val + n <= VALUE_TYPE_MAX; // Avoid overflow assigns a[0..n-1]; ensures Iota(a, n, val); */ CHARIOT 1 st Workshop, 11 October 2018, Rome 8
9 An example with Frama-C ACSL iota (cont d) Source code and proof of iota: typedef int value_type; predicate Iota(value_type* a, integer n, value_type v) = \forall integer i; 0 <= i < n ==> a[i] == v+i; */ /*@ requires valid: \valid(a + (0..n-1)); requires limit: val + n <= VALUE_TYPE_MAX; assigns a[0..n-1]; ensures increment: Iota(a, n, val); */ void iota(value_type * a, int n, value_type val) { /*@ loop invariant bound: 0 <= i <= n; loop invariant limit: val == \at(val, Pre) + i; loop invariant increment: Iota(a, i, \at(val, Pre)); loop assigns i, val, a[0..n-1]; loop variant n-i; */ for (int i = 0; i < n; ++i) { a[i] = val++; }; return; } CHARIOT 1 st Workshop, 11 October 2018, Rome 9
10 VESSEDIA results At mid-period
11 Platforms V&V Tools Frama-C for analysis and proof of C/C++ source code VeriFast for the analysis of Java and C source code FlowGuard for the analysis of CFI/DFI properties of binary code Papyrus/Diversity for modelling and simulation Several plug-ins for these tools: Frama-clang - analysis of C++ source code by translation into C source code AFL_SCA - fuzz testing of source code after Abstract Interpretation has been done E-ACSL - monitoring : compilation of ACSL assertions into binary code Diversity-to-ACSL - generation of ACSL trace properties SecSoftML - modelling SAaaS proofs in the cloud RPP proof of functions sequence properties CHARIOT 1 st Workshop, 11 October 2018, Rome 11
12 Use-cases Contiki OS (Inria) C Focus on IPv6 stack and OS primitives C source code mainly Evaluate handling of specific patterns, e.g. Protothreads Using Frama-C 6LowPAN Management Platform (CEA) OTA reprogramming in multi-hop networks (Contiki-based) Entities: 6LoWPAN nodes (C), gateway (Java), management server Using Frama-C and VeriFast Aircraft Maintenance System (DA) Diagnosis and failure prevention, embedded in a civil aircraft Entities: proprietary gateway (C) and open-source proxy server (C++) Using Frama-C, AFL and CFI/DFI integrated into the CURSOR method CHARIOT 1 st Workshop, 11 October 2018, Rome
13 The VESSEDIA use-case Contiki-OS An Open Source OS for the Internet of Things Open source: BSD C source code Supports many embedded platforms Supports standard low-power IPv6 3.9 KLOC of high-priority source code 23.5 KLOC of medium priority Analyses achieved Linked list module verified using WP with ghost code and executable specifications Minimal contracts for core/lib and core/sys libraries with ACSL Absence of RTE verified for AES & CCM* modules using WP Contiki NG analysed with EVA and new plug-ins for recursive functions and loops annotations CHARIOT 1 st Workshop, 11 October 2018, Rome
14 V&V Methodology V&V methodology selects tools and method according to verification needs and business constraints Basic (compiler diagnostics) Simple (non-portable and suspicious program parts) Advanced (enforcing given programming guidelines) Formal (e.g. provably establishing the absence of run-time errors) Modelling framework UML/Papyrus permits to model a system with Statecharts, sequence diagrams, etc. Diversity allows to define security properties of sub-systems for analysis with Frama-C CURSOR method combining SA and DA tools (Frama-C EVA/E-ACSL with AFL and CFI/DFI) Economic rationale and metrics CHARIOT 1 st Workshop, 11 October 2018, Rome 14
15 The DA-SA CURSOR Method Component of Unit Robustness for Security Objectives and Requirements auto-detection of some CWE by abstract interpretation translate ACSL alarms into source code operate against targeted CWE Frama-C Value Gena-CWE 457,570,571, Frama-C E-ACSL user's implementation of counter-measures pentest process / C original source code C with CWE alarms alarms expressed in ACSL C "CWE instrumented" C "CWE proof" j = i + 1; x = *(p+j); /*@ assert i+1<=max_int; */ j = i + 1; /*@ assert \valid_read(p+j); */ x = *(p+j); e_assert(i+1<=maxint,"ovfl"); j = i + 1; e_valid(p,j,"vld"); x = *(p+j); e_assert(i+1<=maxint,"ovfl"); j = i + 1; e_valid(p,j,"vld"); x = *(p+j); All alarms are processed, spurious or not! CMx to be proved formally with Frama-C tools?? CM1() { } CM2() { } Some strategies may limit extra-code generation CM libs can be either specific to the alarm context,... or totally generic! CHARIOT 1 st Workshop, 11 October 2018, Rome 15
16 Certification and Security Evaluation Security vulnerabilities detection Assess the project s tools for vulnerabilities detection Coverage of vulnerabilities C++ vulnerabilities -> in progress Security evaluation Assess tools from the perspective of security evaluator Review security evaluation methodologies Integrate tools in the security evaluation process -> in progress CHARIOT 1 st Workshop, 11 October 2018, Rome 16
17 Contact Details CEA (Technical) Armand PUCCETTI Technikon (Coordination) Ursula Polessnig See also our web site : CHARIOT 1 st Workshop, 11 October 2018, Rome 17
Practical introduction to Frama-C (without Mathematical notations ;-) )
Practical introduction to Frama-C (without Mathematical notations ;-) ) David MENTRÉ Using content of Jochen Burghardt (Fraunhofer First), Virgile Prevosto (CEA), Julien Signoles
More informationFrama-C WP Tutorial. Virgile Prevosto, Nikolay Kosmatov and Julien Signoles. June 11 th, 2013
Frama-C WP Tutorial Virgile Prevosto, Nikolay Kosmatov and Julien Signoles June 11 th, 2013 Motivation Main objective: Rigorous, mathematical proof of semantic properties of a program functional properties
More informationAn Eclipse Plug-in for Model Checking
An Eclipse Plug-in for Model Checking Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala Electrical Engineering and Computer Sciences University of California, Berkeley, USA Rupak Majumdar Computer Science
More informationA Lesson on Runtime Assertion Checking with Frama-C
A Lesson on Runtime Assertion Checking with Frama-C Nikolai Kosmatov and Julien Signoles CEA, LIST, Software Reliability Laboratory, PC 174 91191 Gif-sur-Yvette France firstname.lastname@cea.fr Abstract.
More informationDeductive Verification in Frama-C and SPARK2014: Past, Present and Future
Deductive Verification in Frama-C and SPARK2014: Past, Present and Future Claude Marché (Inria & Université Paris-Saclay) OSIS, Frama-C & SPARK day, May 30th, 2017 1 / 31 Outline Why this joint Frama-C
More informationDeductive Program Verification with Why3, Past and Future
Deductive Program Verification with Why3, Past and Future Claude Marché ProofInUse Kick-Off Day February 2nd, 2015 A bit of history 1999: Jean-Christophe Filliâtre s PhD Thesis Proof of imperative programs,
More informationAutomatic Qualification of Abstract Interpretation-based Static Analysis Tools. Christian Ferdinand, Daniel Kästner AbsInt GmbH 2013
Automatic Qualification of Abstract Interpretation-based Static Analysis Tools Christian Ferdinand, Daniel Kästner AbsInt GmbH 2013 2 Functional Safety Demonstration of functional correctness Well-defined
More informationSimulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1
Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 2012 The MathWorks, Inc. 1 Agenda Formal Verification Key concept Applications Verification of designs against (functional) requirements Design error detection Test
More informationCSC313 High Integrity Systems/CSCM13 Critical Systems. CSC313/CSCM13 Chapter 2 1/ 221
CSC313 High Integrity Systems/CSCM13 Critical Systems CSC313/CSCM13 Chapter 2 1/ 221 CSC313 High Integrity Systems/ CSCM13 Critical Systems Course Notes Chapter 2: SPARK Ada Sect. 2 (f) Anton Setzer Dept.
More informationStructuring an Abstract Interpreter through Value and State Abstractions: EVA, an Evolved Value Analysis for Frama C
Structuring an Abstract Interpreter through Value and State Abstractions: EVA, an Evolved Value Analysis for Frama C David Bühler CEA LIST, Software Safety Lab Frama-C & SPARK Day 2017 May 30th, 2017 David
More informationA Comparison of SPARK with MISRA C and Frama-C
A Comparison of SPARK with MISRA C and Frama-C Johannes Kanig, AdaCore October 2018 Abstract Both SPARK and MISRA C are programming languages intended for high-assurance applications, i.e., systems where
More informationFormal Methods. CITS5501 Software Testing and Quality Assurance
Formal Methods CITS5501 Software Testing and Quality Assurance Pressman, R. Software Engineering: A Practitioner s Approach. Chapter 28. McGraw-Hill, 2005 The Science of Programming, David Gries, 1981
More informationLecture 10 Design by Contract
CS 5959 Writing Solid Code Fall 2015 Nov-23 Lecture 10 Design by Contract Zvonimir Rakamarić University of Utah Design by Contract Also called assume-guarantee reasoning Developers annotate software components
More informationAn Annotated Language
Hoare Logic An Annotated Language State and Semantics Expressions are interpreted as functions from states to the corresponding domain of interpretation Operators have the obvious interpretation Free of
More informationReminder of the last lecture. Aliasing Issues: Call by reference, Pointer programs. Introducing Aliasing Issues. Home Work from previous lecture
Reminder of the last lecture Aliasing Issues: Call by reference, Pointer programs Claude Marché Cours MPRI 2-36-1 Preuve de Programme 18 janvier 2017 Additional features of the specification language Abstract
More informationFrama-C A Collaborative Framework for C Code Verification
Frama-C A Collaborative Framework for C Code Verification Tutorial at ISSRE 2017 Nikolai Kosmatov, Julien Signoles Toulouse, October 26 th, 2017 N. Kosmatov, J. Signoles (CEA LIST) Frama-C 2017-10-26 1
More informationPart II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?
Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare
More informationA Partial Correctness Proof for Programs with Decided Specifications
Applied Mathematics & Information Sciences 1(2)(2007), 195-202 An International Journal c 2007 Dixie W Publishing Corporation, U. S. A. A Partial Correctness Proof for Programs with Decided Specifications
More informationWP Tutorial. WP 0.6 for Oxygen Patrick Baudin, Loïc Correnson, Philippe Hermann. CEA LIST, Software Safety Laboratory
WP Tutorial WP Tutorial WP 0.6 for Oxygen-20120901 Patrick Baudin, Loïc Correnson, Philippe Hermann CEA LIST, Software Safety Laboratory c 2010-2012 CEA LIST This work is based on the book ACSL by Example
More informationChapter 3 (part 3) Describing Syntax and Semantics
Chapter 3 (part 3) Describing Syntax and Semantics Chapter 3 Topics Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute Grammars Describing the Meanings
More informationProof Carrying Code(PCC)
Discussion p./6 Proof Carrying Code(PCC Languaged based security policy instead of OS-based A mechanism to determine with certainity that it is safe execute a program or not Generic architecture for providing
More informationSemantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics
There is no single widely acceptable notation or formalism for describing semantics Operational Describe the meaning of a program by executing its statements on a machine, either simulated or actual. The
More informationChapter 1. Introduction
1 Chapter 1 Introduction An exciting development of the 21st century is that the 20th-century vision of mechanized program verification is finally becoming practical, thanks to 30 years of advances in
More informationA Case Study on Model Checking and Deductive Verification Techniques of Safety-Critical Software
A Case Study on Model Checking and Deductive Verification Techniques of Safety-Critical Software Rovedy A. B. e Silva 1,2, Jose M. Parente de Oliveira 2, and Jorge Sousa Pinto 3 1 Aeronautics and Space
More informationStatic Analysis of the XEN Kernel using Frama-C
Journal of Universal Computer Science, vol. 16, no. 4 (2010), 543-553 submitted: 10/10/09, accepted: 21/10/09, appeared: 28/4/10 J.UCS Static Analysis of the XEN Kernel using Frama-C Armand Puccetti (CEA
More informationRuntime Checking for Program Verification Systems
Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification
More informationJay Abraham 1 MathWorks, Natick, MA, 01760
Jay Abraham 1 MathWorks, Natick, MA, 01760 Stringent performance requirements and shorter development cycles are driving the use of modeling and simulation. Model-Based Design core of this development
More informationDifférents cas d application de l'analyse Statique avec Frama-C dans un contexte industriel
Différents cas d application de l'analyse Statique avec Frama-C dans un contexte industriel DAS Systèmes Embarqués Agenda Use Case 1 Integrating Runtime Error Detection in the process with Frama-C Use
More informationAbstract Interpretation
Abstract Interpretation Ranjit Jhala, UC San Diego April 22, 2013 Fundamental Challenge of Program Analysis How to infer (loop) invariants? Fundamental Challenge of Program Analysis Key issue for any analysis
More information18-642: Code Style for Compilers
18-642: Code Style for Compilers 9/6/2018 2017-2018 Philip Koopman Programming can be fun, so can cryptography; however they should not be combined. Kreitzberg and Shneiderman 2017-2018 Philip Koopman
More informationProgramming Languages Third Edition
Programming Languages Third Edition Chapter 12 Formal Semantics Objectives Become familiar with a sample small language for the purpose of semantic specification Understand operational semantics Understand
More informationProgram Verification (6EC version only)
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language
More informationStatic analysis of concurrent avionics software
Static analysis of concurrent avionics software with AstréeA Workshop on Static Analysis of Concurrent Software David Delmas Airbus 11 September 2016 Agenda 1 Industrial context Avionics software Formal
More informationVerification and Test with Model-Based Design
Verification and Test with Model-Based Design Flight Software Workshop 2015 Jay Abraham 2015 The MathWorks, Inc. 1 The software development process Develop, iterate and specify requirements Create high
More informationSelf-checking software insert specifications about the intent of a system
Assertions Reading assignment A. J. Offutt, A Practical System for Mutation Testing: Help for the Common Programmer, Proceedings of the 12th International Conference on Testing Computer Software, Washington,
More informationHomework #1, on the class web pages later today
Assertions Reading assignment A. J. Offutt, A Practical System for Mutation Testing: Help for the Common Programmer, Proceedings of the 12th International Conference on Testing Computer Software, Washington,
More informationThe Formal Semantics of Programming Languages An Introduction. Glynn Winskel. The MIT Press Cambridge, Massachusetts London, England
The Formal Semantics of Programming Languages An Introduction Glynn Winskel The MIT Press Cambridge, Massachusetts London, England Series foreword Preface xiii xv 1 Basic set theory 1 1.1 Logical notation
More informationFrama-C Value Analysis
Frama-C Value Analysis Séminaire CAP TRONIC Virgile Prevosto virgile.prevosto@cea.fr June 18 th, 2015 Outline Introduction Abstract domains Arithmetic Memory Methodology Basic commands Parameters Introduction
More informationWP Plug-in (Draft) Manual
WP (Draft Manual) WP Plug-in (Draft) Manual Frama-C Carbon 20101202 beta-2 Loïc Correnson, Zaynah Dargaye, Anne Pacalet CEA LIST, Software Reliability Laboratory c 2010 CEA LIST This work has been supported
More informationFormal Verification of MIX Programs
Formal Verification of MIX Programs Jean-Christophe Filliâtre CNRS LRI, Univ Paris-Sud, Orsay F-91405 INRIA Futurs, ProVal, Orsay F-91893 Abstract We introduce a methodology to formally verify MIX programs.
More informationInformal Semantics of Data. semantic specification names (identifiers) attributes binding declarations scope rules visibility
Informal Semantics of Data semantic specification names (identifiers) attributes binding declarations scope rules visibility 1 Ways to Specify Semantics Standards Documents (Language Definition) Language
More informationSoftware Verification of Safety-Critical Aerospace Systems1
Software Verification of Safety-Critical Aerospace Systems1 Ce sar A. Mun oz Alwyn Goodloe {cesar.a.munoz,a.goodloe}@nasa.gov Frama-C Day 2016 June 20th, 2016 1 This presentation reports joint work with
More informationait: WORST-CASE EXECUTION TIME PREDICTION BY STATIC PROGRAM ANALYSIS
ait: WORST-CASE EXECUTION TIME PREDICTION BY STATIC PROGRAM ANALYSIS Christian Ferdinand and Reinhold Heckmann AbsInt Angewandte Informatik GmbH, Stuhlsatzenhausweg 69, D-66123 Saarbrucken, Germany info@absint.com
More informationVerification Condition Generation
Verification Condition Generation Jorge Sousa Pinto Departamento de Informática / Universidade do Minho jsp@di.uminho.pt www.di.uminho.pt/~jsp Outline (1) - From Hoare Logic to VCGen algorithms: an architecture
More informationNumerical Computations and Formal Methods
Program verification Formal arithmetic Decision procedures Proval, Laboratoire de Recherche en Informatique INRIA Saclay IdF, Université Paris Sud, CNRS October 28, 2009 Program verification Formal arithmetic
More informationWP 0.4 (Draft Manual)
WP 0.4 (Draft Manual) WP Plug-in (Draft) Manual Version 0.4 for Nitrogen-20111001 Loïc Correnson, Zaynah Dargaye, Anne Pacalet CEA LIST, Software Safety Laboratory c 2010-2011 CEA LIST This work has been
More informationApplication: Programming Language Semantics
Chapter 8 Application: Programming Language Semantics Prof. Dr. K. Madlener: Specification and Verification in Higher Order Logic 527 Introduction to Programming Language Semantics Programming Language
More informationProgram Static Analysis. Overview
Program Static Analysis Overview Program static analysis Abstract interpretation Data flow analysis Intra-procedural Inter-procedural 2 1 What is static analysis? The analysis to understand computer software
More informationS1.1: RESEARCH AND DEVELOPMENT IN EUROPE FOR COMPETITIVE MANUFACTURING. Competitiveness of Industry by means of Cross Fertilisation
S1.1: RESEARCH AND DEVELOPMENT IN EUROPE FOR COMPETITIVE MANUFACTURING Competitiveness of Industry by means of Cross Fertilisation STORYLINE: FOCUS ON KEY ENABLERS FOR DISTRIBUTED INDUSTRIALS SYSTEMS HOW
More informationSoftwaretechnik. Program verification. Albert-Ludwigs-Universität Freiburg. June 28, Softwaretechnik June 28, / 24
Softwaretechnik Program verification Albert-Ludwigs-Universität Freiburg June 28, 2012 Softwaretechnik June 28, 2012 1 / 24 Road Map Program verification Automatic program verification Programs with loops
More informationAdvanced Test Coverage Criteria: Specify and Measure, Cover and Unmask
Advanced Test Coverage Criteria: Specify and Measure, Cover and Unmask Sébastien Bardin & Nikolai Kosmatov joint work with Omar Chebaro, Robin David, Mickaël Delahaye, Michaël Marcozzi, Mike Papadakis,
More informationGNAT Pro Innovations for High-Integrity Development
GNAT Pro Innovations for High-Integrity Development José F. Ruiz Senior Software Engineer Ada Europe 2010, Valencia 2010-06-15 www.adacore.com Index Development environment Tools Static
More informationFrama-Clang, a C++ front-end for Frama-C
Frama-Clang, a C++ front-end for Frama-C Frama-C Day Virgile Prevosto joint work with Franck Ve drine June 20th, 2016 ntroduction Context Stance Project http://stance-project.eu/ Security analyzes with
More informationChapter 3. Describing Syntax and Semantics ISBN
Chapter 3 Describing Syntax and Semantics ISBN 0-321-49362-1 Chapter 3 Topics Describing the Meanings of Programs: Dynamic Semantics Copyright 2015 Pearson. All rights reserved. 2 Semantics There is no
More informationResearch on the Static Analysis Method of the Localization Embedded Platform Software Code Zhijie Gaoa, Ling Lu, Wen Jiao
6th International Conference on Information Engineering for Mechanics and Materials (ICIMM 2016) Research on the Static Analysis Method of the Localization Embedded Platform Software Code Zhijie Gaoa,
More informationWP 0.6 (Draft Manual)
WP 0.6 (Draft Manual) WP Plug-in (Draft) Manual Version 0.6 for Oxygen-20120901 Patrick Baudin, Loïc Correnson, Zaynah Dargaye CEA LIST, Software Safety Laboratory c 2010-2012 CEA LIST This work has been
More informationLectures 20, 21: Axiomatic Semantics
Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics
More informationTVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS*
TVLA: A SYSTEM FOR GENERATING ABSTRACT INTERPRETERS* Tal Lev-Ami, Roman Manevich, and Mooly Sagiv Tel Aviv University {tla@trivnet.com, {rumster,msagiv}@post.tau.ac.il} Abstract TVLA (Three-Valued-Logic
More informationThe Verification Grand Challenge and Abstract Interpretation
The Verification Grand Challenge and Abstract Interpretation Patrick Cousot École normale supérieure, 45 rue d Ulm 75230 Paris cedex 05, France Patrick.Cousot ens fr Visiting the Aeronautics and Astronautics
More informationAdvances in Programming Languages
T O Y H Advances in Programming Languages APL4: JML The Java Modeling Language David Aspinall (slides originally by Ian Stark) School of Informatics The University of Edinburgh Thursday 21 January 2010
More informationG Programming Languages - Fall 2012
G22.2110-003 Programming Languages - Fall 2012 Lecture 4 Thomas Wies New York University Review Last week Control Structures Selection Loops Adding Invariants Outline Subprograms Calling Sequences Parameter
More informationWhy3 where programs meet provers
Why3 where programs meet provers Jean-Christophe Filliâtre CNRS KeY Symposium 2017 Rastatt, Germany October 5, 2017 history started in 2001, as an intermediate language in the process of verifying C and
More informationStatic Analysis Techniques
oftware Design (F28SD2): Static Analysis Techniques 1 Software Design (F28SD2) Static Analysis Techniques Andrew Ireland School of Mathematical and Computer Science Heriot-Watt University Edinburgh oftware
More informationArchitecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL
Architecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL Restricted Siemens AG 2017 Realize innovation. Content 1 Overview 3 2 LMS Imagine.Lab
More informationWhy3 A Multi-Prover Platform for Program Verification
Why3 A Multi-Prover Platform for Program Verification Jean-Christophe Filliâtre CNRS joint work with Andrei Paskevich, Claude Marché, and François Bobot ProVal team, Orsay, France IFIP WG 1.9/2.14 Verified
More informationCOMPOSABILITY, PROVABILITY, REUSABILITY (CPR) FOR SURVIVABILITY
AFRL-IF-RS-TR-2002-61 Final Technical Report April 2002 COMPOSABILITY, PROVABILITY, REUSABILITY (CPR) FOR SURVIVABILITY Kestrel Institute Sponsored by Defense Advanced Research Projects Agency DARPA Order
More informationThe SANTE Tool: Value Analysis, Program Slicing and Test Generation for C Program Debugging
The SANTE Tool: Value Analysis, Program Slicing and Test Generation for C Program Debugging Omar Chebaro, Nikolai Kosmatov, Alain Giorgetti, Jacques Julliand To cite this version: Omar Chebaro, Nikolai
More informationStatic program checking and verification
Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Müller Static program checking and verification Correctness
More informationHybrid Verification in SPARK 2014: Combining Formal Methods with Testing
IEEE Software Technology Conference 2015 Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing Steve Baird Senior Software Engineer Copyright 2014 AdaCore Slide: 1 procedure Array_Indexing_Bug
More information6. Hoare Logic and Weakest Preconditions
6. Hoare Logic and Weakest Preconditions Program Verification ETH Zurich, Spring Semester 07 Alexander J. Summers 30 Program Correctness There are many notions of correctness properties for a given program
More informationVerification Conditions. Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany
Verification Conditions Juan Pablo Galeotti, Alessandra Gorla, Andreas Rau Saarland University, Germany 30% projects (10% each) At least 50% threshold for exam admittance Groups of 2 70% final exam (see
More informationRecursion. What is Recursion? Simple Example. Repeatedly Reduce the Problem Into Smaller Problems to Solve the Big Problem
Recursion Repeatedly Reduce the Problem Into Smaller Problems to Solve the Big Problem What is Recursion? A problem is decomposed into smaller sub-problems, one or more of which are simpler versions of
More informationProgramming with Contracts. Juan Pablo Galeotti, Alessandra Gorla Saarland University, Germany
Programming with Contracts Juan Pablo Galeotti, Alessandra Gorla Saarland University, Germany Contract A (formal) agreement between Method M (callee) Callers of M Rights Responsabilities Rights Responsabilities
More informationRuntime Behavior of Conversion Interpretation of Subtyping
Runtime Behavior of Conversion Interpretation of Subtyping Yasuhiko Minamide Institute of Information Sciences and Electronics University of Tsukuba and PRESTO, JST minamide@is.tsukuba.ac.jp Abstract.
More informationTo be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 Introduction SDN research directions as outlined in IRTF RG outlines i) need for more flexibility and programmability
More informationFlight Systems are Cyber-Physical Systems
Flight Systems are Cyber-Physical Systems Dr. Christopher Landauer Software Systems Analysis Department The Aerospace Corporation Computer Science Division / Software Engineering Subdivision 08 November
More informationFormal Verification With Frama-C: A Case Study in the Space Software Domain
IEEE TRANSACTIONS ON RELIABILITY 1 Formal Verification With Frama-C: A Case Study in the Space Software Domain Rovedy Aparecida Busquim e Silva, NanciNaomiArai, LucianaAkemiBurgareli, Jose Maria Parente
More informationINTRODUCTION TO C PROGRAM PROOF USING FRAMA-C AND ITS WP PLUGIN
INTRODUCTION TO C PROGRAM PROOF USING FRAMA-C AND ITS WP PLUGIN Allan Blanchard December 2017 Contents 1 Introduction 5 2 Program proof and our tool for this tutorial: Frama-C 7 2.1 Program proof......................................
More informationThe Rule of Constancy(Derived Frame Rule)
The Rule of Constancy(Derived Frame Rule) The following derived rule is used on the next slide The rule of constancy {P } C {Q} {P R} C {Q R} where no variable assigned to in C occurs in R Outline of derivation
More informationMain Goal. Language-independent program verification framework. Derive program properties from operational semantics
Main Goal Language-independent program verification framework Derive program properties from operational semantics Questions: Is it possible? Is it practical? Answers: Sound and complete proof system,
More informationG Programming Languages - Fall 2012
G22.2110-003 Programming Languages - Fall 2012 Lecture 3 Thomas Wies New York University Review Last week Names and Bindings Lifetimes and Allocation Garbage Collection Scope Outline Control Flow Sequencing
More informationMIDTERM EXAMINATION - CS130 - Spring 2005
MIDTERM EAMINATION - CS130 - Spring 2005 Your full name: Your UCSD ID number: This exam is closed book and closed notes Total number of points in this exam: 231 + 25 extra credit This exam counts for 25%
More informationA Lesson on Proof of Programs with Frama-C. Invited Tutorial Paper
A Lesson on Proof of Programs with Frama-C. Invited Tutorial Paper Nikolai Kosmatov, Virgile Prevosto, and Julien Signoles CEA, LIST, Software Reliability Laboratory, PC 174, 91191 Gif-sur-Yvette France
More informationSafeRiver SME. Added Value Solutions for Embedded Systems. Tools for FuSa and Software Security. Packaged Services. CIR agreed
SafeRiver SME Independent- founded december 2005 18 consultants highly skilled in Software and Formal methods Turnover 2015: 1,5M (excluding R&D public fundings) Added Value Solutions for Embedded Systems
More informationHoare Logic: Proving Programs Correct
Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture
More informationCSE 307: Principles of Programming Languages
CSE 307: Principles of Programming Languages Advanced Topics R. Sekar Topics 1 / 14 1. 2 / 14 Section 1 3 / 14 Semantics of Programs Syntax defines what programs are valid. Semantics defines what the valid
More informationCombining Static and Dynamic Contract Checking for Curry
Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 1 Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel Programming Languages
More informationD4.1. Metrics for VESSEDIA tools in quality assurance WP 4
D4.1 Metrics for VESSEDIA tools in quality assurance Project number: 731453 Project acronym: Project title: VESSEDIA Start date of the project: 1 st January, 2017 Duration: Programme: Verification engineering
More informationA Fitness Function to Find Feasible Sequences of Method Calls for Evolutionary Testing of Object-Oriented Programs
A Fitness Function to Find Feasible Sequences of Method Calls for Evolutionary Testing of Object-Oriented Programs Myoung Yee Kim and Yoonsik Cheon TR #7-57 November 7; revised January Keywords: fitness
More informationF-Soft: Software Verification Platform
F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com
More informationProgram Verification. Aarti Gupta
Program Verification Aarti Gupta 1 Agenda Famous bugs Common bugs Testing (from lecture 6) Reasoning about programs Techniques for program verification 2 Famous Bugs The first bug: A moth in a relay (1945)
More informationCOSC252: Programming Languages: Semantic Specification. Jeremy Bolton, PhD Adjunct Professor
COSC252: Programming Languages: Semantic Specification Jeremy Bolton, PhD Adjunct Professor Outline I. What happens after syntactic analysis (parsing)? II. Attribute Grammars: bridging the gap III. Semantic
More informationPrinciples of Program Analysis. Lecture 1 Harry Xu Spring 2013
Principles of Program Analysis Lecture 1 Harry Xu Spring 2013 An Imperfect World Software has bugs The northeast blackout of 2003, affected 10 million people in Ontario and 45 million in eight U.S. states
More informationDesign by Contract: An Overview
: An Overview CSCI 5828 Michael M. Vitousek University of Colorado at Boulder michael.vitousek@colorado.edu March 21, 2012 1 / 35 Outline 1 Introduction Motivation and Introduction Simple Example Contract
More informationMixing formal methods to increase robustness against cyber-attacks
Mixing formal methods to increase robustness against cyber-attacks Laurent Voisin 29/06/2018 Systerel in a nutshell Critical systems engineering System Expertise Safety Cyber-security Critical Systems
More informationIntegrating verification in programming languages
Integrating verification in programming languages Thomas Jensen, INRIA Seminar INRIA Rennes, 04/11/2015 Collège de France Chaire Algorithmes, machines et langages x / y Types For division to make sense,
More informationA Hoare Logic Contract Theory: An Exercise in Denotational Semantics
A Hoare Logic Contract Theory: An Exercise in Denotational Semantics Dilian Gurov and Jonas Westman Abstract We sketch a simple theory of Hoare logic contracts for programs with procedures, presented in
More informationWhy. an intermediate language for deductive program verification
Why an intermediate language for deductive program verification Jean-Christophe Filliâtre CNRS Orsay, France AFM workshop Grenoble, June 27, 2009 Jean-Christophe Filliâtre Why tutorial AFM 09 1 / 56 Motivations
More informationINFORMATION AND COMMUNICATION TECHNOLOGIES (ICT) PROGRAMME. Project FP7-ICT-2009-C CerCo. Report D5.1 Untrusted CerCo Prototype
INFORMATION AND COMMUNICATION TECHNOLOGIES (ICT) PROGRAMME Project FP7-ICT-2009-C-243881 CerCo Report D5.1 Untrusted CerCo Prototype Version 1.0 Main Authors: Roberto M. Amadio, Nicolas Ayache, Yann Régis-Gianas,
More informationSimply-Typed Lambda Calculus
#1 Simply-Typed Lambda Calculus #2 Back to School What is operational semantics? When would you use contextual (small-step) semantics? What is denotational semantics? What is axiomatic semantics? What
More information