Classical data structures such as stacks, queues, and double-ended queues (deques) find broad use in security-critical applications. At the highest Evaluation Assurance Level (EAL) of the Common Criteria, such data structures must be formally specified and proven to meet their specifications. Formal verification systems can readily reason about unbounded, functional data structures. However, such data structures are in the main not appropriate for direct implementation in high-confidence software systems, both because of their unbounded nature and because of the complexity of the functional forms (e.g., the use of two lists, one reversed, to implement a deque). We will show how a formally verified data structure specified using the ACL2 single-threaded object (stobj) facility can be much more readily translated into high-assurance implementations expressed in conventional programming languages. Finally, we show how this translated data structure code can be compiled into efficient machine code for a common embedded microprocessor using a verified compiler, and executed on an EAL6+ verified operating system.
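To make the contrast concrete, the following C code is an added illustration (not code from the paper or from the ACL2 distribution) of the shape a bounded deque takes once it is expressed as a fixed-size array with explicit indices, which is the form a stobj with an array field maps onto in a conventional language. The type name `deque_t`, the capacity `DEQUE_CAP`, and all function names are assumptions chosen for this example. Every operation is total: the full and empty cases return `false` instead of touching memory outside the array, the representation invariant is a checkable predicate, and `deque_contents` plays the role of the abstraction function that relates the array to the sequence a functional specification would describe.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Capacity is fixed at compile time, as it would be for an array field of a
   single-threaded object; the structure can never grow beyond it. */
#define DEQUE_CAP 8

typedef struct {
    int32_t buf[DEQUE_CAP];
    size_t  head;   /* array index of the front element */
    size_t  count;  /* number of stored elements, 0..DEQUE_CAP */
} deque_t;

void deque_init(deque_t *d) { d->head = 0; d->count = 0; }

/* Representation invariant, the analogue of a stobj recognizer: indices are
   always in range, so no operation below can index outside buf. */
bool deque_invariant(const deque_t *d) {
    return d != NULL && d->head < DEQUE_CAP && d->count <= DEQUE_CAP;
}

bool deque_empty(const deque_t *d) { return d->count == 0; }
bool deque_full(const deque_t *d)  { return d->count == DEQUE_CAP; }

/* Guarded operations: each returns false, and leaves the deque unchanged,
   when its precondition (not full / not empty) does not hold. */
bool deque_push_front(deque_t *d, int32_t x) {
    if (deque_full(d)) return false;
    d->head = (d->head + DEQUE_CAP - 1) % DEQUE_CAP;   /* wrap backwards */
    d->buf[d->head] = x;
    d->count++;
    return true;
}

bool deque_push_back(deque_t *d, int32_t x) {
    if (deque_full(d)) return false;
    d->buf[(d->head + d->count) % DEQUE_CAP] = x;
    d->count++;
    return true;
}

bool deque_pop_front(deque_t *d, int32_t *out) {
    if (deque_empty(d)) return false;
    *out = d->buf[d->head];
    d->head = (d->head + 1) % DEQUE_CAP;
    d->count--;
    return true;
}

bool deque_pop_back(deque_t *d, int32_t *out) {
    if (deque_empty(d)) return false;
    d->count--;
    *out = d->buf[(d->head + d->count) % DEQUE_CAP];
    return true;
}

/* Abstraction function: copies the logical contents, front to back, into a
   plain array (the sequence view a functional specification talks about). */
size_t deque_contents(const deque_t *d, int32_t *out, size_t max) {
    size_t n = d->count < max ? d->count : max;
    for (size_t i = 0; i < n; i++)
        out[i] = d->buf[(d->head + i) % DEQUE_CAP];
    return n;
}

/* Self-check on constructed input: exercises index wrap-around and both
   guards. Returns 1 if every expectation holds, 0 otherwise. */
int deque_selfcheck(void) {
    deque_t d;
    int32_t v, view[DEQUE_CAP];
    const int32_t expect[DEQUE_CAP] = {1, 2, 3, 5, 6, 7, 8, 9};
    deque_init(&d);
    if (deque_pop_front(&d, &v)) return 0;               /* empty guard */
    for (int32_t i = 1; i <= 4; i++)
        if (!deque_push_back(&d, i)) return 0;           /* 1 2 3 4 */
    if (!deque_push_front(&d, 0)) return 0;              /* 0 1 2 3 4, head wraps to 7 */
    if (!deque_invariant(&d)) return 0;
    if (!deque_pop_back(&d, &v) || v != 4) return 0;     /* 0 1 2 3 */
    if (!deque_pop_front(&d, &v) || v != 0) return 0;    /* 1 2 3 */
    for (int32_t i = 5; i <= 9; i++)
        if (!deque_push_back(&d, i)) return 0;           /* 1 2 3 5 6 7 8 9: full */
    if (deque_push_back(&d, 99)) return 0;               /* full guard */
    if (deque_contents(&d, view, DEQUE_CAP) != DEQUE_CAP) return 0;
    for (size_t i = 0; i < DEQUE_CAP; i++)
        if (view[i] != expect[i]) return 0;
    return deque_invariant(&d) ? 1 : 0;
}
```

The point of the guards and the invariant predicate is that they are exactly the obligations a prover discharges for the stobj version: once the array-index arithmetic is shown to preserve `deque_invariant`, the translated C needs no dynamic allocation and no hidden list reversal, which is what makes it a candidate for an embedded, high-assurance target.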