by Johann Schumann, Bernd Fischer, Mike Whalen, Jon Whittle
Proceedings of the 36 th Hawaii International Conference on System Sciences
http://www.hicss.hawaii.edu/HICSS36/HICSSpapers/STTCT01.pdf
Add To MetaCart
Abstract:
Although autocoding techniques promise large gains in software development productivity, their “real-world ” application has been limited, particularly in safety-critical domains. Often, the major impediment is the missing trustworthiness of these systems: demonstrating—let alone formally certifying—the trustworthiness of automatic code generators is extremely difficult due to their complexity and size. We develop an alternative product-oriented certification approach which is based on five principles: (1) trustworthiness of the generator is reduced to the safety of each individual generated program; (2) program safety is defined as adherence to an explicitly formulated safety policy; (3) the safety policy is formalized by a collection of logical program properties; (4) Hoare-style program verification is used to show that each generated program satisfies the required properties; (5) the code generator itself is extended to automatically produce the code annotations required for verification. The approach is feasible because the code generator has full knowledge about the program under construction and about the properties to be verified. It can thus generate all auxiliary code annotations a theorem prover needs to discharge all emerging verification obligations fully automatically. Here we report how this approach is used in a certification extension for AUTOBAYES, an automatic program synthesis system which generates data analysis programs (e.g., for clustering and time-series analysis) from declarative specifications. In particular, we describe how a variableinitialization-before-use safety policy can be encoded and certified.
Citations
|
904
|
Practical optimization
– Gill, Murray, et al.
- 1981
|
|
325
|
Dynamically discovering likely program invariants to support program evolution
– Ernst, Cockrell, et al.
- 1999
|
|
162
|
The Formal Semantics of Programming Languages: An Introduction
– Winskel
- 1993
|
|
141
|
Eliminating Array Bound Checking Through Dependent Types
– Xi, Pfenning
- 1998
|
|
99
|
A semantic model of types and machine instructions for proofcarrying code
– Appel, Felty
- 2000
|
|
97
|
A certifying compiler for Java
– Colby, Lee, et al.
- 2000
|
|
77
|
an annotation assistant for ESC/Java
– Houdini
- 2001
|
|
57
|
Implementing typed intermediate languages
– Shao, League, et al.
- 1998
|
|
35
|
Efficient representation and validation of logical proofs
– Necula, Lee
- 1998
|
|
29
|
AutoBayes: A system for generating data analysis programs from statistical models
– Fischer, Schumann
- 2003
|
|
28
|
Certifying compilation and run-time code generation
– Hornof, Jim
- 1999
|
|
27
|
Verification of array, record, and pointer operations in Pascal
– Luckham, Suzuki
- 1979
|
|
22
|
Programming Languages and Dimensions
– Kennedy
- 1996
|
|
19
|
Synthesizing certified code
– Whalen, Schumann, et al.
- 2002
|
|
16
|
Certifying domain-specific policies
– Lowry, Pressburger, et al.
- 2001
|
|
11
|
Amphion/NAV: Deductive Synthesis of State Estimation Software
– Whittle, Baalen, et al.
- 2001
|
|
9
|
Program synthesis
– Kreitz
- 1998
|
|
9
|
Dimension inference under polymorphic recursion
– Rittri
- 1995
|
|
5
|
An automated approach for supporting software reuse via reverse engineering
– Gannod, Chen, et al.
- 1998
|
|
5
|
AutoBayes/CC — Combining Program Synthesis with Automatic Code Certification (System Description
– Whalen, Schumann, et al.
- 2002
|
|
4
|
Mops: Verifying Modula-2 programs specified in VDM-SL
– Kaiser, Fischer, et al.
- 2000
|
|
4
|
Enforceable security policies. Computer Science
– Schneider
- 1998
|
|
3
|
Certifying compilation and run-time code generation. Higher Order Symbol
– Hornof, Jim
- 1999
|
