Synthesizing Certified Code

Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. However, manually adding annotations to the code is time-consuming and error-prone. We address this problem by combining code certification with automatic program synthesis. Given a high-level specification, our approach simultaneously generates code and all annotations required to certify the generated code. We describe a certification extension of AUTOBAYES, a synthesis tool for automatically generating data analysis programs. Based on built-in domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover E-SETHEO. We demonstrate our approach by certifying operator- and memory-safety on a data-classification program. For this program, our approach was faster and more precise than PolySpace, a commercial static analysis tool.
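As an added illustration of why the synthesizer must emit loop invariants alongside the code (this is example code, not code from the paper or from AUTOBAYES), the following Python block generates the memory-safety proof obligations for a constructed array-summing loop and checks them with a bounded exhaustive search that stands in for the theorem prover; the loop, its annotations and the search bound are all assumptions made for this example.

```python
"""Added example: a toy proof-obligation generator for the memory safety of
one array-accessing loop. The 'prover' is a bounded exhaustive checker
standing in for an automated theorem prover such as E-SETHEO."""
from itertools import product

# Constructed annotated loop:  for i in [0, n): s += a[i]
# Annotations are predicates over the program state (i, n).
GUARD = lambda i, n: i < n                      # loop continues while i < n
STEP = lambda i, n: (i + 1, n)                  # effect of the body on (i, n)
INIT = lambda i, n: i == 0 and n >= 0           # state on loop entry
SAFE_ACCESS = lambda i, n: 0 <= i < n           # bound check needed for a[i]


def obligations(inv):
    """Proof obligations a certifier emits for the loop annotated with `inv`:
    invariant establishment, invariant preservation, and the array-bound
    safety obligation for the access a[i] inside the body."""
    return {
        "inv_established": lambda i, n: (not INIT(i, n)) or inv(i, n),
        "inv_preserved": lambda i, n: (not (inv(i, n) and GUARD(i, n)))
        or inv(*STEP(i, n)),
        "access_in_bounds": lambda i, n: (not (inv(i, n) and GUARD(i, n)))
        or SAFE_ACCESS(i, n),
    }


def check(inv, bound=6):
    """Stand-in prover: try to refute each obligation over all integer
    states with |i|, |n| <= bound. Returns {name: counterexample or None}."""
    states = product(range(-bound, bound + 1), repeat=2)
    states = list(states)
    return {name: next((s for s in states if not vc(*s)), None)
            for name, vc in obligations(inv).items()}


# Invariant a synthesizer can emit from domain knowledge about the loop.
STRONG_INV = lambda i, n: 0 <= i <= n
# Weaker annotation: loses the lower bound, so a[i] cannot be certified.
WEAK_INV = lambda i, n: i <= n

if __name__ == "__main__":
    print("strong invariant:", check(STRONG_INV))   # all obligations discharged
    print("weak invariant:  ", check(WEAK_INV))     # access_in_bounds refuted
```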
