Code generators based on template expansion techniques are easier to build than purely deductive systems but do not guarantee the same level of assurance: instead of providing “correctness-by-construction”, the correctness of the generated code depends on the correctness of the generator itself. We present an alternative assurance approach, in which the generator is extended to enable Hoare-style safety proofs for each individual generated program. The proofs ensure that the generated code does not “go wrong”, i.e., does not violate certain conditions during its execution. The crucial step in this approach is to extend the generator in such a way that it produces all required annotations (i.e., pre-/postconditions and loop invariants) without compromising the assurance provided by the subsequent verification phase. This is achieved by embedding annotation templates into the code templates, which are then instantiated in parallel by the generator. This is feasible because the structure of the generated code and the possible safety properties are known when the generator is developed. It does not compromise the provided assurance because the annotations only serve as auxiliary lemmas: errors in the annotation templates ultimately lead to unprovable safety obligations, never to a false proof. We have implemented this approach and integrated it into the AutoBayes and AutoFilter program generators. We have then used it to fully automatically prove that code generated by the two systems satisfies both language-specific properties such as array-bounds safety or proper variable initialization before use and domain-specific properties such as vector normalization, matrix symmetry, or correct sensor input usage.
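The following is an added, self-contained toy illustration of the pipeline the abstract describes; it is not code from the paper or from the AutoBayes/AutoFilter generators. A code template and its annotation template are instantiated from the same parameters, a verification-condition generator derives Hoare-style array-bounds obligations from the annotated program, and each obligation is discharged by a small prover. The function names (`generate`, `obligations`, `certify`), the normalisation loop used as the "generated program", the `lo`/`hi`/`off` template parameters used to simulate buggy templates, and the Fourier-Motzkin prover standing in for an automated theorem prover are all assumptions made for this example.

```python
"""Added example (not from the paper): toy certifiable program generation.
Code and annotation templates are instantiated together; obligations are
generated from the annotated program and discharged by a small sound prover."""
from itertools import product

# ---- linear constraints over integer variables -----------------------------
# A term is {var: coef} with the constant under key "1".  A constraint is a term
# T read as "T <= 0".  Variables here are the loop index i and the length n.
def term(c=0, **coefs):
    t = {v: k for v, k in coefs.items() if k != 0}
    if c:
        t["1"] = c
    return t

def sub(a, b):
    out = dict(a)
    for v, k in b.items():
        out[v] = out.get(v, 0) - k
    return {v: k for v, k in out.items() if k != 0}

def le(a, b):   # a <= b
    return sub(a, b)

def lt(a, b):   # a < b over the integers, i.e. a + 1 <= b
    return le(a, sub(b, term(c=1)))

def subst(cons, var, t):
    """cons[var := t] for a linear term t."""
    out = {v: k for v, k in cons.items() if v != var}
    for v, k in t.items():
        out[v] = out.get(v, 0) + cons.get(var, 0) * k
    return {v: k for v, k in out.items() if k != 0}

def unsat(cons):
    """Fourier-Motzkin elimination.  True iff no rational point satisfies all
    constraints; then no integer point does either, so True is a sound proof
    (the rational relaxation may fail to prove some valid integer facts)."""
    cons = [dict(c) for c in cons]
    for v in sorted({v for c in cons for v in c if v != "1"}):
        pos = [c for c in cons if c.get(v, 0) > 0]
        neg = [c for c in cons if c.get(v, 0) < 0]
        cons = [c for c in cons if c.get(v, 0) == 0]
        for p, q in product(pos, neg):
            a, b = p[v], -q[v]                 # a, b > 0: b*p + a*q cancels v
            comb = {k: b * p.get(k, 0) + a * q.get(k, 0) for k in set(p) | set(q)}
            cons.append({k: c for k, c in comb.items() if c != 0})
    return any(c.get("1", 0) > 0 for c in cons)   # some "const <= 0" with const > 0

def proves(hyps, goal):
    """hyps ==> goal, goal being 'G <= 0'.  Its integer negation is G >= 1."""
    neg = {v: -k for v, k in goal.items()}
    neg["1"] = neg.get("1", 0) + 1
    return unsat(list(hyps) + [neg])

# ---- the generator: code template + annotation template, instantiated together
CODE_TEMPLATE = ("for i in range(n):\n"
                 "    y[i] = x[i{offs}] / norm\n")
ANNOT_TEMPLATE = ("# pre: n == len(x) == len(y) and n >= 0\n"
                  "# inv: {lo} <= i <= n{his}\n")

def generate(off=0, lo=0, hi=0):
    """off is a code-template parameter (index offset); lo/hi parameterise the
    annotation template so a wrong annotation template can be simulated.  Returns
    the annotated text plus the structured form the verifier consumes."""
    offs = f"{off:+d}" if off else ""
    his = f"{hi:+d}" if hi else ""
    text = ANNOT_TEMPLATE.format(lo=lo, his=his) + CODE_TEMPLATE.format(offs=offs)
    I = term(i=1)
    pre = [le(term(), term(n=1))]                          # n >= 0 (a length)
    inv = [le(term(c=lo), I), le(I, term(n=1, c=hi))]      # lo <= i <= n+hi
    accesses = [("y", I), ("x", term(i=1, c=off))]         # every arr[idx] in the body
    return {"text": text, "pre": pre, "inv": inv, "accesses": accesses}

# ---- the verifier: Hoare-style obligations for "for i in range(n): body" -----
def obligations(prog):
    I, N = term(i=1), term(n=1)
    pre, inv, guard = prog["pre"], prog["inv"], lt(I, N)
    obs = []
    for k, c in enumerate(inv):                            # invariant on entry (i = 0)
        obs.append((f"inv-init-{k}", pre, subst(c, "i", term())))
    for k, c in enumerate(inv):                            # invariant preserved (i := i+1)
        obs.append((f"inv-step-{k}", pre + inv + [guard], subst(c, "i", term(i=1, c=1))))
    for arr, idx in prog["accesses"]:                      # array-bounds safety
        hyps = pre + inv + [guard]
        obs.append((f"{arr}[idx] >= 0", hyps, le(term(), idx)))
        obs.append((f"{arr}[idx] < len", hyps, lt(idx, N)))   # len(arr) == n by pre
    return obs

def certify(prog):
    """Name -> proved?  The annotations are only lemmas: a wrong annotation
    template cannot yield a false proof, only an unprovable obligation."""
    return {name: proves(h, g) for name, h, g in obligations(prog)}

if __name__ == "__main__":
    for label, prog in [("correct", generate()),
                        ("code template bug: x[i+1]", generate(off=1)),
                        ("annotation template bug: 1 <= i", generate(lo=1))]:
        print(f"== {label}\n{prog['text']}", certify(prog))
```

Running the block shows three outcomes: the correct templates yield only proved obligations; an off-by-one in the code template leaves `x[idx] < len` unprovable; and a wrong annotation template (`1 <= i` as the invariant's lower bound) leaves the invariant-initialisation obligation unprovable, so a bad annotation costs the proof rather than the assurance. A merely too-weak annotation (try `generate(lo=-1)`) likewise fails on the lower-bound obligation for `x[idx]`.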