An Integrated Approach to High Integrity Software Verification

Using automated reasoning techniques, we tackle the niche activity of proving that a program is free from run-time exceptions. Such a property is particularly valuable in high integrity software, for example, safety- or security-critical applications. The context for our work is the SPARK Approach for the development of high integrity software. The SPARK Approach provides a significant degree of automation in proving exception freedom. Where this automation fails, however, the programmer is burdened with the task of interactively constructing a proof and possibly also having to supply auxiliary program annotations. We minimize this burden by increasing the automation, through an integration of proof planning and a program analysis oracle. We advocate a ‘cooperative’ integration, where proof-failure analysis directly constrains the search for auxiliary program annotations. The approach has been successfully tested on industrial data.

[1]  Alan Bundy,et al.  Rippling - meta-level guidance for mathematical reasoning , 2005, Cambridge tracts in theoretical computer science.

[2]  Patrick Cousot,et al.  Automatic synthesis of optimal invariant assertions: Mathematical foundations , 1977, Artificial Intelligence and Programming Languages.

[3]  Henry Ledgard,et al.  Reference Manual for the ADA® Programming Language , 1983, Springer New York.

[4]  P.K.D. Froome Interim Def Stan 00-56: hazard analysis and safety classification of the computer and programmable electronic system elements of defence equipment , 1994 .

[5]  Zohar Manna,et al.  Logical analysis of programs , 1976, CACM.

[6]  Andrew Ireland,et al.  Automation for exception freedom proofs , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[7]  S. Tucker Taft,et al.  Consolidated Ada Reference Manual Language and Standard Libraries , 2002, Lecture Notes in Computer Science.

[8]  Flemming Nielson,et al.  International Workshop on Principles of Program Analysis , 1999 .

[9]  Patrick Baudin,et al.  Caveat: a tool for software validation , 2002, Proceedings International Conference on Dependable Systems and Networks.

[10]  Robert W. Floyd,et al.  Assigning Meanings to Programs , 1993 .

[11]  John G. P. Barnes,et al.  High Integrity Software - The SPARK Approach to Safety and Security , 2003 .

[12]  Natarajan Shankar,et al.  ICS: Integrated Canonizer and Solver , 2001, CAV.

[13]  Andrew Ireland,et al.  Combining Proof Plans with Partial Order Planning for Imperative Program Synthesis , 2006, Automated Software Engineering.

[14]  Greg Nelson,et al.  Extended static checking for Java , 2002, PLDI '02.

[15]  Frank van Harmelen,et al.  Experiments with proof plans for induction , 2004, Journal of Automated Reasoning.

[16]  Calton Pu,et al.  Buffer overflows: attacks and defenses for the vulnerability of the decade , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[17]  Robert S. Boyer,et al.  A computational logic handbook , 1979, Perspectives in computing.

[18]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[19]  Eelco Visser,et al.  Stratego: A Language for Program Transformation Based on Rewriting Strategies , 2001, RTA.

[20]  Andrew Ireland,et al.  Invariant Discovery via Failed Proof Attempts , 1998, LOPSTR.

[21]  Andrew Ireland,et al.  Productive use of failure in inductive proof , 1996, Journal of Automated Reasoning.

[22]  Steven M. German,et al.  Automating proofs of the absence of common runtime errors , 1978, POPL.

[23]  K. Rustan M. Leino,et al.  Houdini, an Annotation Assistant for ESC/Java , 2001, FME.

[24]  Andrew Ireland,et al.  Proof planning for strategy development , 2001, Annals of Mathematics and Artificial Intelligence.

[25]  Alan Bundy,et al.  Proof Plans for the Correction of False Conjectures , 1994, LPAR.

[26]  Alan Bundy,et al.  Automatic verification of functions with accumulating parameters , 1999, Journal of Functional Programming.

[27]  Toby Walsh,et al.  A calculus for and termination of rippling , 1996, Journal of Automated Reasoning.

[28]  Michel Caplain,et al.  Finding Invariant assertions for proving programs , 1975, Reliable Software.

[29]  Andrew Ireland,et al.  Invariant Patterns for Program Reasoning , 2004, MICAI.

[30]  Johann Schumann,et al.  Under Consideration for Publication in J. Functional Programming Autobayes: a System for Generating Data Analysis Programs from Statistical Models , 2022 .

[31]  IrelandAndrew,et al.  Combining Proof Plans with Partial Order Planning for Imperative Program Synthesis , 2006 .

[32]  Alan Bundy,et al.  Middle-Out Reasoning for Logic Program Synthesis , 1993, ICLP.

[33]  Roderick Chapman,et al.  Industrial strength exception freedom , 2002, SIGAda.

[34]  Flemming Nielson,et al.  Principles of Program Analysis , 1999, Springer Berlin Heidelberg.

[35]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[36]  A. Bundy,et al.  Turning eureka steps into calculations in automatic program synthesis , 1990 .

[37]  Frank van Harmelen,et al.  The Oyster-Clam System , 1990, CADE.

[38]  Steve King,et al.  Is Proof More Cost-Effective Than Testing? , 2000, IEEE Trans. Software Eng..

[39]  Alan Bundy,et al.  A General Setting for Flexibly Combining and Augmenting Decision Procedures , 2004, Journal of Automated Reasoning.

[40]  Hongseok Yang,et al.  Automatic Construction of Hoare Proofs from Abstract Interpretation Results , 2003, APLAS.

[41]  Mike Hill,et al.  Safety analysis of Hawk In Flight monitor , 1999, PASTE '99.

[42]  Andrew Ireland,et al.  On the Automatic Discovery of Loop Invariants , 1997 .

[43]  Andrew Ireland,et al.  The Use of Planning Critics in Mechanizing Inductive Proofs , 1992, LPAR.

[44]  Bernard Carré,et al.  Information-flow and data-flow analysis of while-programs , 1985, TOPL.

[45]  Alan Bundy,et al.  The Use of Explicit Plans to Guide Inductive Proofs , 1988, CADE.

[46]  Roderick Chapman,et al.  Industrial strength exception freedom , 2003 .

[47]  Frank van Harmelen,et al.  Rippling: A Heuristic for Guiding Inductive Proofs , 1993, Artif. Intell..

[48]  Andrew Ireland,et al.  An Integration of Program Analysis and Automated Theorem Proving , 2004, IFM.