Linearizability: a correctness condition for concurrent objects
ACM Transactions on Programming Languages and Systems (TOPLAS)
Operational reasoning for functions with local state
Higher order operational techniques in semantics
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Specifying Concurrent Program Modules
ACM Transactions on Programming Languages and Systems (TOPLAS)
Verifying properties of parallel programs: an axiomatic approach
Communications of the ACM
An axiomatic basis for computer programming
Communications of the ACM
Transactional information systems: theory, algorithms, and the practice of concurrency control and recovery
Distributed Algorithms
Operational Semantics and Program Equivalence
Applied Semantics, International Summer School, APPSEM 2000, Caminha, Portugal, September 9-15, 2000, Advanced Lectures
Hoare Logic for NanoJava: Auxiliary Variables, Side Effects, and Virtual Methods Revisited
FME '02 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods - Getting IT Right
Hoare Logics for Recursive Procedures and Unbounded Nondeterminism
CSL '02 Proceedings of the 16th International Workshop and 11th Annual Conference of the EACSL on Computer Science Logic
HIERARCHICAL CORRECTNESS PROOFS FOR DISTRIBUTED ALGORITHMS
HIERARCHICAL CORRECTNESS PROOFS FOR DISTRIBUTED ALGORITHMS
Computer
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Stenning's protocol implemented in UDP and verified in Isabelle
CATS '05 Proceedings of the 2005 Australasian symposium on Theory of computing - Volume 41
Engineering with logic: HOL specification and symbolic-evaluation testing for TCP implementations
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Operational reasoning for concurrent caml programs and weak memory models
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
A sound semantics for OCamllight
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
A marriage of rely/guarantee and separation logic
CONCUR'07 Proceedings of the 18th international conference on Concurrency Theory
ACM Transactions on Programming Languages and Systems (TOPLAS)
Trace-based verification of imperative programs with I/O
Journal of Symbolic Computation
System-level approach to the design of a smart distributed surveillance system using systemj
ACM Transactions on Embedded Computing Systems (TECS)
A mechanized model for CAN protocols
FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
Hi-index | 0.00 |
This work develops an integrated approach to the verification of behaviourally rich programs, founded directly on operational semantics. The power of the approach is demonstrated with a state-of-the-art verification of a core piece of distributed infrastructure, involving networking, a filesystem, and concurrent OCaml code. The formalization is in higher-order logic and proof support is provided by the HOL4 theorem prover. Difficult verification problems demand a wide range of techniques. Here these include ground and symbolic evaluation, local reasoning, separation, invariants, Hoare-style assertional reasoning, rely/guarantee, inductive reasoning about protocol correctness, multiple refinement, and linearizability. While each of these techniques is useful in isolation, they are even more so in combination. The first contribution of this paper is to present the operational approach and describe how existing techniques, including all those mentioned above, may be cleanly and precisely integrated in this setting. The second contribution is to show how to combine verifications of individual library functions with arbitrary and unknown user code in a compositional manner, focusing on the problems of private state and encapsulation. The third contribution is the example verification itself. The infrastructure must behave correctly under arbitrary patterns of host and network failure, whilst for performance reasons the code also includes data races on shared state. Both features make the verification particularly challenging.