Martin Wildmoser

From annotated programs, proof carrying code systems construct and prove verification conditions that guarantee a given safety policy. The annotations may come from various program analyzers and cannot be trusted, so they need to be verified. A generic verification condition generator can be utilized such that a combination of annotations is verified…
We formalise a simple assembly language with procedures and a safety policy for arithmetic overflow in Isabelle/HOL. To verify individual programs we use a safety logic. Such a logic can be realised in Isabelle/HOL either as shallow or deep embedding. In a shallow embedding logical formulas are written as HOL predicates, whereas a deep embedding models…
Bytecode subroutines are a major complication for Java bytecode verification: they are difficult to fit into the data flow analysis that the JVM specification suggests. Because of that, subroutines are left out or are restricted in most formalizations of the bytecode verifier. We examine the problems that occur with subroutines and give an overview of the…
We introduce a generic framework for proof carrying code, developed and mechanically verified in Isabelle/HOL. The framework defines and proves sound a verification condition generator with minimal assumptions on the underlying programming language, safety policy, and safety logic. We demonstrate its usability for prototyping proof carrying code systems by…
We instantiate an Isabelle/HOL framework for proof carrying code to Jinja bytecode, a downsized variant of Java bytecode featuring objects, inheritance, method calls and exceptions. Bytecode annotated in a first order expression language can be certified not to produce arithmetic overflows. For this purpose we use a generic verification condition generator,…
Software tools in safety related projects are indispensable, but also introduce risks. A tool error may lead to the injection or non-detection of a fault in the product. For this reason the safety norm for road vehicles, ISO 26262, requires determination of a tool confidence level for each software tool. In this paper we present a model-based approach to represent…