Readable Formal Proofs
The need to integrate the processes of programming and program verification requires notations for formal proofs that are easily readable. We discuss this problem in the context of Hoare logic and separation logic.
It has long been the custom to describe ...
From Verification to Synthesis
One of the most significant developments in the area of design verification over the last decade is the development of algorithmic methods for verifying temporal specification of finite-state designs [2]. A frequent criticism against this approach, ...
Verification, Least-Fixpoint Checking, Abstraction
We consider verification algorithms in a wide sense. The outcome of a verification algorithm can be a definite (yes or no) answer, a "don't know" answer, or a conditional answer or no answer at all (divergence). We obtain these kinds of verification ...
Combining Tests and Proofs
Proof methods (or static analysis) and test methods (or dynamic analysis) have complementary strengths. While static analysis has the potential to obtain high coverage, it typically suffers from imprecision (and imprecision is needed to scale the ...
Propositional Dynamic Logic for Recursive Procedures
We present a simple and natural deductive formalism μPDL for propositional dynamic logic for recursive procedures, including simultaneous recursion. Though PDL with recursive programs is known to be highly undecidable, natural deductive ...
Mapped Separation Logic
We present Mapped Separation Logic, an instance of Separation Logic for reasoning about virtual memory. Our logic is formalised in the Isabelle/HOL theorem prover and it allows reasoning on properties about page tables, direct physical memory access, ...
Unguessable Atoms: A Logical Foundation for Security
We show how a type of atoms, which behave like urelements, and a new proposition that expresses the independence of a term from an atom can be added to any logical system after imposing minor restrictions on definitions and computations. Working in ...
Combining Domain-Specific and Foundational Logics to Verify Complete Software Systems
A major challenge for verifying complete software systems is their complexity. A complete software system consists of program modules that use many language features and span different abstraction levels (e.g. user code and run-time system code)...
JML4: Towards an Industrial Grade IVE for Java and Next Generation Research Platform for JML
Tool support for the Java Modeling Language (JML) is a very pressing problem. A main issue with current tools is their architecture: the cost of keeping up with the evolution of Java is prohibitively high: e.g., Java 5 has yet to be fully supported. ...
Incremental Benchmarks for Software Verification Tools and Techniques
- Bruce W. Weide,
- Murali Sitaraman,
- Heather K. Harton,
- Bruce Adcock,
- Paolo Bucci,
- Derek Bronish,
- Wayne D. Heym,
- Jason Kirschenbaum,
- David Frazier
This paper proposes an initial catalog of easy-to-state, relatively simple, and incrementally more and more challenging benchmark problems for the Verified Software Initiative. These benchmarks support assessment of verification tools and techniques to ...
Verified Protection Model of the seL4 Microkernel
This paper presents a machine-checked high-level security analysis of seL4--an evolution of the L4 kernel series targeted to secure, embedded devices. We provide an abstract specification of the seL4 access control system together with a formal proof ...
Verification of the Deutsch-Schorr-Waite Marking Algorithm with Modal Logic
We have proposed an abstraction technique that uses the formulas of variants of the modal μ-calculus as a method for analyzing pointer manipulating programs. In this paper, the method is applied to verify the correctness of the Deutsch-Schorr-...
Bounded Verification of Voting Software
We present a case-study in which vote-tallying software is analyzed using a bounded verification technique, whereby all executions of a procedure are exhaustively examined within a finite space given by a bound on the size of the heap and the ...
Expression Decomposition in a Rely/Guarantee Context
This paper describes a technique of expression decomposition which allows the use of rely/guarantee development rules that do not assume atomic expression evaluation. This decomposition provides a means of addressing the fact that the logical meaning of ...
A Verification Approach for System-Level Concurrent Programs
Though the verification of operating systems is an active research field, a verification method is still missing that provides both the proximity to practically used programming languages such as C and a realistic model of concurrency, i.e. a ...
Boogie Meets Regions: A Verification Experience Report
We use region logic specifications to verify several programs exhibiting the classic hard problem for object-oriented systems: the framing of heap updates. We use BoogiePL and its associated SMT solver, Z3, to prove both implementations and client code.
Flexible Immutability with Frozen Objects
Object immutability is a familiar concept that allows safe sharing of objects. Existing language support for immutability is based on immutable classes. However, class-based approaches are restrictive because programmers can neither make instances of ...
The Verisoft Approach to Systems Verification
The Verisoft project aims at the pervasive formal verification from the application layer over the system level software, comprising a microkernel and a compiler, down to the hardware. The different layers of the system give rise to various abstraction ...
Formal Functional Verification of Device Drivers
We report on the formal functional verification of a simple device driver for an ATAPI hard disk in Isabelle/HOL. The proof is based on a functional model of the hard disk, which has been integrated into the instruction set architecture of a verified ...
Verified Process-Context Switch for C-Programmed Kernels
A context switch -- an act of saving and restoring the state of a CPU such that multiple processes can share a single CPU resource -- is an essential feature of multitasking operating systems. Commonly computationally intensive and necessarily accessing ...
Where Is the Value in a Program Verifier?
This paper addresses the assumption that software verification is valuable. Using experience from the assessment of safety critical software it makes observations of where the value of a Program Verifier might be and how it relates to the use of Formal ...