ArticlePDF Available

Verified Compilation and the B Method: A Proposal and a First Appraisal

Authors:

Abstract

This paper investigates the application of the B method beyond the classical algorithmic level provided by the B0 sub-language, and presents refinements of B models at a level of precision equivalent to assembly language. We claim and justify that this extension provides a more reliable software development process as it bypasses two of the less trustable steps in the application of the B method: code synthesis and compilation. The results presented in the paper have a value as a proof of concept and may be used as a basis to establish an agenda for the development of an approach to build verifying compilers [Hoare, C. A. R., The verifying compiler, a grand challenge for computing research, in: VMCAI, 2005, pp. 78–78] based on the B method.
A preview of the PDF is not available
... Esses trabalhos usam o método B ou Event-B (ABRIAL et al., 2006 ). Um modelo formal , chamado MIDAS (Microprocessor Instruction and Data Abstraction System) DANTAS et al., 2009; DÉHARBE, 2012 ) e a nossa experiência desenvolvendo ferramentas de verificação B (MARINHO et al., 2008; GURGEL et al., 2010; DÉHARBE, 2014). O próximo capítulo resume as principais considerações do trabalho e apresenta os trabalhos futuros. ...
Thesis
Full-text available
Assembly code synthesis is a process that requires rigorous care. Typically, this process in mature translators and compilers is relatively safe, though some errors have occasionally been identified. In a more restricted context, the translators used in the smaller communities and developed constantly have been more susceptible to these kind of errors. Considering this context, two translation and verification approaches using the B method have been presented. The first approach considers the B component translation to assembly code for a specific platform by using a formal model of the instruction set, which also allows to debug and to check program properties. This approach can formally ensure the semantic consistency of the translation, although the verification process is difficult and time-consuming. This verification effort was somewhat relieved by the development of BEval, a tool which has made better use of the verification techniques. After applying the automatic verification process using the Atelier B tool, BEval was still able to solve, in the certain models, many of the remaining proof obligations, reaching up to 88 \% of total obligations. However, the verification process of this translation approach is still complex, requiring several manual interactions. In order to make a translation more efficient and also safe, a second approach for the translating B to virtual machine code was developed. This second approach used the developed translator B2LLVM and applied the automatic generation of tests to check the consistency of the program specifications and their respective assembly code. This translator also supported the code coverage evaluation and the insertion of the traceability annotations. Thus, this study has significantly contributed to developing B translation to assembly code, providing rigorous support for the verification of the translation. Currently, the B2LLVM outweighs 20,9% the percentage of translatable test samples based on grammar compared to the C4B industrial translator. Furthermore, the generated code by B2LLVM has important advantages in the ample capacity of verification, integration and optimization.
... Tools with a sound formal basis such as JML [28] and Spec# [29] allow effective verification based upon pre-and postconditions. Dantas et al. [30] show how the B-method can be extended to support a new low-level language, at the level of abstraction of an assembly language. This helps bridge the gap between the formal language and programming constructs, giving a better guarantee of program correctness. ...
Article
Full-text available
This paper reports upon ten years of experience in the development and application of model-driven technology. The technology in question was inspired by work on formal methods: in particular, by the B toolkit. It was used in the development of a number of information systems, all of which were successfully deployed in real world situations. The paper reports upon three systems: one that informed the design of the technology, one that was used by an internal customer, and one that is currently in use outside the development organisation. It records a number of lessons regarding the application of model-driven techniques.
Conference Paper
Full-text available
A compiler may be specified as a set of theorems, each describing how a construct in the programming language is translated into a sequence of machine instructions. The machine may be specified as an interpreter written in the programming language itself. Using refinement algebra, it can then be verified that interpreting a compiled program is the same or better than executing the original source program. The compiling specification is very similar to a logic program and thus a prototype compiler (and interpreter) may easily be produced in a language such as Prolog. A subset of the occam programming language and the transputer instruction set are used to illustrate the approach. An advantage of the method is that new programming constructs can be added without necessarily affecting existing development work.
Conference Paper
I propose a set of criteria which distinguish a grand challenge in science or engineering from the many other kinds of short-term or long-term research problems that engage the interest of scientists and engineers. As an example drawn from Computer Science, I revive an old challenge: the construction and application of a verifying compiler that guarantees correctness of a program before running it.
Book
Traduction en chinois parue en 2010. Tsinghua University Press. ISBN 9787302208136
Conference Paper
The ideas of program verification date back to Turing and von Neumann, who introduced the concept of an assertion as the specification of an interface between parts of a program. The idea of mechanical theorem proving dates back to Leibniz; it has been explored in practice on modern computers by McCarthy, Milner, and many others since. A proposal for ’a program verifier’, combining these two technologies, was the subject of a Doctoral dissertation by James C. King, submitted at the Carnegie Institute of Technology in 1969. Early attempts at automatic program verification were premature. But much progress has been made in the last thirty five years, both in hardware capacity and in the software technologies for verification. I suggest that the renewed challenge of an automatic verifying compiler could provide a focus for interaction, cross-fertilisation, advancement and experimental evaluation of all the technologies of interest in this conference. Perhaps by concerted international effort, we may be able to meet this challenge, only fifty years after it was proposed by Jim King. We only have fifteen years left to do it.
Conference Paper
In this article, we first briefly present a proof assistant called the Predicate Prover, which essentially offers two functionalities: (1) an automatic semi-decision procedure for First Order Predicate Calculus, and (2) a systematic translation of statements written within Set Theory into equivalent ones in First Order Predicate Calculus. We then show that the automatic usage of this proof assistant is limited by several factors. We finally present (and this is the main part of this article) the principles that we have used in the construction of a proactive interface aiming at circumventing these limitations. Such principles are based on our practical experience in doing many interactive proofs (within Set Theory).
Book
The B method is a means for specifying, designing and coding software systems. The long-awaited B Book is the standard reference for everything concerning this method. It contains the mathematical basis on which it is founded, the precise definitions of the notations used, and a large number of examples illustrating its use in practice. J.-R. Abrial, the inventor of B, has written the book in such a way that it can be used for self-study or for reference. It is in four parts, the first dealing with the mathematical foundations, including a systematic construction of predicate logic and set theory, and the definition of the various mathematical structures that are needed to formalize software systems; the author places special emphasis on the notion of proof. The second part contains a presentation of the Generalized Substitution Language and of the Abstract Machine Notation, which are both used to specify software systems; the author gives examples to show how large specifications can be constructed systematically. The next part introduces the two basic programming features of sequencing and loop, with examples showing how to construct small algorithms. The last part covers the very important notion of refinement. It shows how to construct large software systems by means of layered architectures of modules. It culminates with the presentation of several examples of complete development with a special emphasis on the methodological approach. Finally, appendices give summaries of all the logical and mathematical definitions, and of all the rules and proof obligations. With the appearance of The B Book, formal methods practitioners, computer scientists, and systems developers at last will have access to the definitive account of what will become one of the standard approaches to the construction of software systems.