Lightweight Interactive Proving inside an Automatic Program Verifier

  title={Lightweight Interactive Proving inside an Automatic Program Verifier},
  author={Sylvain Dailler and Claude March{\'e} and Yannick Moy},
Among formal methods, the deductive verification approach allows establishing the strongest possible formal guarantees on critical software. The downside is the cost in terms of human effort required to design adequate formal specifications and to successfully discharge the required proof obligations. To popularize deductive verification in an industrial software development environment, it is essential to provide means to progressively transition from simple and automated approaches to… Expand
How the Analyzer can Help the User Help the Analyzer
  • Yannick Moy
  • Computer Science
  • Electronic Proceedings in Theoretical Computer Science
  • 2021
These solutions came from discussions with industrial users of SPARK as part of the support activity that they subscribed to, and are presented in the hope that they can be useful to others, and serve as a basis for better future solutions, as the challenges presented here are common to most similar analyzers. Expand
How the Analyzer can Help the User Help the Analyzer
Program proof is the application of deductive verification techniques to programs. Industrial acceptability of such tools relies on the high degree of automation provided by modern automatic provers,Expand
Seamless Interactive Program Verification
A novel user interaction concept that allows the user to interact with the verification system on different abstraction levels and on different verification/proof artifacts. Expand
Ghost Code in Action: Automated Verification of a Symbolic Interpreter
This work formalisation is tailored for automated verification, that is the automated discharge of verification conditions to SMT solvers, and appropriately annotate the code of the symbolic interpreter with an original use of both ghost data and ghost statements. Expand
CISE3: Verifying Weakly Consistent Applications with Why3
The goal of the tool is to aid the programmer reason about the correct balance of synchronization in the system and deduces which operations require synchronization in order for the program to safely execute in a distributed environment. Expand
CISE3: Verifica\c{c}\~ao de aplica\c{c}\~oes com consist\^encia fraca em Why3
A tool for the verification of programs built on top replicated databases that evaluates a sequential specification and deduces which operations need to be synchronized for the program to function properly in a distributed environment is presented. Expand
Verified Software. Theories, Tools, and Experiments: 11th International Conference, VSTTE 2019, New York City, NY, USA, July 13–14, 2019, Revised Selected Papers
This paper discusses the design of MOPSA, an ongoing effort to design a novel semantic static analyzer by abstract interpretation, and proposes a vision for a framework for managing uncertainty in assurance cases for software systems, by systematically identifying, assessing and addressing it. Expand


Your Proof Fails? Testing Helps to Find the Reason
This work proposes a complete methodology where test generation helps to identify the reason of a proof failure and to exhibit a counterexample clearly illustrating the issue, and describes how to transform a formally specified C program into C code suitable for testing, and illustrates the benefits on comprehensive examples. Expand
Preserving User Proofs across Specification Changes
This paper describes a technique to maintain a proof session against modification of verification conditions and is implemented in the Why3 platform, which was successfully used in developing more than a hundred verified programs and in keeping them up to date along the evolution of Why3 and its standard library. Expand
Counterexamples from Proof Failures in SPARK
This work exploits the ability of SMT solvers to propose, when a proof of a formula is not found, a counter-model to produce a counterexample, exhibiting values for the variables of the program where a given part of the specification fails to be validated. Expand
The interactive verification debugger: Effective understanding of interactive proof attempts
It can be experimentally demonstrated that the IVD is more effective in understanding proof attempts than a conventional prover user interface. Expand
Why3 - Where Programs Meet Provers
We present Why3, a tool for deductive program verification, and WhyML, its programming and specification language. WhyML is a first-order language with polymorphic types, pattern matching, andExpand
Supporting Proof in a Reactive Development Environment
  • Farhad Mehta
  • Computer Science
  • Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007)
  • 2007
This paper presents a solution to this problem that represents proof attempts in a way that makes them resilient to change and amenable to reuse. Expand
A Why3 Framework for Reflection Proofs and Its Application to GMP's Algorithms
This paper shows how Why3 is extended with a framework for proofs by reflection, with minimal impact on the trusted computing base, that makes it easy to write dedicated decision procedures that make full use of Why3’s imperative features and are formally verified. Expand
Verification of Dependable Software using SPARK and Isabelle
A link between the interactive proof assistant Isabelle/HOL and the SPARK/Ada tool suite for the verification of high-integrity software is presented and it is shown how it can be used to verify an efficient library for big numbers. Expand
An empirical evaluation of two user interfaces of an interactive program verifier
This paper juxtapose two different user interfaces of the interactive verifier KeY: the traditional one which focuses on proof objects and a more recent one that provides a view akin to an interactive debugger. Expand
Click'n Prove: Interactive Proofs within Set Theory
The principles that are used in the construction of a proactive interface aiming at circumventing limitations of the automatic usage of the Predicate Prover are based on the practical experience in doing many interactive proofs within Set Theory. Expand