Software model checking without source code
Innovations in Systems and Software Engineering
| Hi-index | 0.00 |
This dissertation explores two families of formal techniques for ensuring the safety of low-level (e.g., intermediate or assembly) code—certified assembly programming and type-preserving translation. These techniques are complementary to each other; they constitute substantial and novel results toward a generalized and more flexible framework for proof-carrying code. Certified assembly programming is a semi-automatic approach for the static verification of arbitrary safety properties. It can be applied to both sequential and concurrent assembly programs. Following this approach, the expected behavior of a program is explicitly written as a specification using higher-order logic. The programmer proves the well-formedness of a program with respect to its specification with help of a proof assistant, and the result can be checked mechanically by a proof checker. The verified program and its mechanical safety proof can be directly encapsulated as a proof-carrying code package. Type-preserving translation is a fully automatic approach via decidable type-checking, enforcing conventional type safety. It aims to eliminate the gap between high-level verifiable programs and low-level safe and efficient code. Type information is propagated through compilation and optimization passes. Verification or type checking is achievable on both the source and the target sides of the translation. In particular, type-preserving translation can be applied to producing the annotations and proofs required by proof-carrying code.