Martin Wildmoser

Learn More
Out of annotated programs proof carrying code systems construct and prove verification conditions that guarantee a given safety policy. The annotations may come from various program analyzers and must not be trusted as they need to be verified. A generic verification condition generator can be utilized such that a combination of annotations is verified(More)
We formalise a simple assembly language with procedures and a safety policy for arithmetic overflow in Isabelle/HOL. To verify individual programs we use a safety logic. Such a logic can be realised in Isabelle/HOL either as shallow or deep embedding. In a shallow embedding logical formulas are written as HOL predicates, whereas a deep embedding models(More)
We introduce a generic framework for proof carrying code, developed and mechanically verified in Isabelle/HOL. The framework defines and proves sound a verification condition generator with minimal assumptions on the underlying programming language, safety policy, and safety logic. We demonstrate its us-ability for prototyping proof carrying code systems by(More)
Due to failures of software tools faults compromising the safety of the developed items may either be injected or not detected. Thus the safety norm for road vehicles, ISO 26262, requires to evaluate all software tools by identifying potential tool failures and measures to detect or avoid them. The result is a tool confidence level for each tool, which(More)
Software tools in safety related projects are indispensable, but also introduce risks. A tool error may lead to the injection or non-detection of a fault in the product. For this reason the safety norm for road vehicles, ISO 26262, requires determination of a tool confidence level for each software tool. In this paper we present a model-based approach to(More)