Abstract
We present a methodology, called OPEV, to validate the translation between OCaml and PVS, which supports non-executable semantics. This validation occurs by generating large-scale tests for OCaml implementations, generating test lemmas for PVS, and generating proofs that automatically discharge these lemmas. OPEV incorporates an intermediate type system that captures a large subset of OCaml types, employing a variety of rules to generate test cases for each type. To prove the PVS lemmas, we developed automatic proof strategies and discharged the test lemmas using PVS Proof-Lite, a powerful proof scripting utility of the PVS verification system. We demonstrated our approach on two case studies that include two hundred and fifty-nine functions selected from the Sail and Lem libraries. For each function, we generated thousands of test lemmas, all of which are automatically discharged. The methodology contributes to a reliable translation between OCaml and PVS.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Klein, G., et al.: seL4: formal verification of an OS kernel. In: ACM Symposium on Operating Systems Principles, pp. 207–220. ACM (2009)
Greenaway, D., Andronick, J., Klein, G.: Bridging the gap: automatic verified abstraction of C. In: Beringer, L., Felty, A. (eds.) ITP 2012. LNCS, vol. 7406, pp. 99–115. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32347-8_8
Mulligan, D.P., Owens, S., Gray, K.E., Ridge, T., Sewell, P.: Lem: reusable engineering of real-world semantics. SIGPLAN Not. 49(9), 175–188 (2014). https://doi.org/10.1145/2692915.2628143
Conrad, M.: Testing-based translation validation of generated code in the context of IEC 61508. Formal Methods Syst. Des. 35(3), 389–401 (2009)
Owre, S., Rushby, J.M., Shankar, N.: PVS: a prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 748–752. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-55602-8_217
Munoz, C.: Batch proving and proof scripting in PVS. NIA-NASA Langley, National Institute of Aerospace, Hampton, VA, Report NIA Report (2007–03) (2007)
Kästner, D., et al.: Compcert: practical experience on integrating and qualifying a formally verified optimizing compiler. In: ERTS2 2018-Embedded Real Time Software and Systems (2018)
Claessen, K., Hughes, J.: Quickcheck: a lightweight tool for random testing of Haskell programs. In: Proceedings of the Fifth ACM SIGPLAN International Conference on Functional Programming (ICFP 2000), pp. 268–279. ACM, New York, NY, USA (2000). https://doi.org/10.1145/351240.351266
PVS source code. http://www.csl.sri.com/users/owre/drop/pvs-snapshots/
OPEV bug report.OPEVBugReport
Sail project. https://github.com/rems-project/sail. Accessed 31 May 2019
Gray, K.E., Sewell, P., Pulte, C., Flur, S., Norton-Wright, R.: The sail instruction-set semantics specification language (2017)
Lem project. https://github.com/rems-project/lem. Accessed 31 May 2019
Sewell, T.A.L., Myreen, M.O., Klein, G.: Translation validation for a verified OS kernel. In: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2013), pp. 471–482. Association for Computing Machinery, New York, NY, USA (2013). https://doi.org/10.1145/2491956.2462183
Leroy, X., Blazy, S., Kästner, D., Schommer, B., Pister, M., Ferdinand, C.: Compcert-a formally verified optimizing compiler. In: ERTS 2016: Embedded Real Time Software and Systems, 8th European Congress (2016)
Kästner, D., Leroy, X., Blazy, S., Schommer, B., Schmidt, M., Ferdinand, C.: Closing the gap-the formally verified optimizing compiler compcert. In: Safety-critical Systems Symposium 2017 (SSS 2017), pp. 163–180. CreateSpace (2017)
Ciupa, I., Pretschner, A., Oriol, M., Leitner, A., Meyer, B.: On the number and nature of faults found by random testing. Softw. Test. Verif. Reliab. 21(1), 3–28 (2011). https://doi.org/10.1002/stvr.415
Tanter, É., Tabareau, N.: Gradual certified programming in coq. In: ACM SIGPLAN Notices, vol. 51, pp. 26–40. ACM (2015)
Blanchette, J.C., Nipkow, T.: Nitpick: a counterexample generator for higher-order logic based on a relational model finder. In: Kaufmann, M., Paulson, L.C. (eds.) ITP 2010. LNCS, vol. 6172, pp. 131–146. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14052-5_11
Wada, Y., Kusakabe, S.: Performance evaluation of a testing framework using QuickCheck and Hadoop. JIP 20(2), 340–346 (2012). https://doi.org/10.2197/ipsjjip.20.340
Crow, J., Owre, S., Rushby, J., Shankar, N., Stringer-Calvert, D.: Evaluating, testing, and animating PVS specifications, March 2019
Narkawicz, A., Munoz, C.A., Dutle, A.M.: The MINERVA software development process (2017)
Tahat, A., Joshi, S.P., Goswami, P., Ravindran, B.: Scalable translation validation of unverified legacy OS code. In: 2019 Formal Methods in Computer Aided Design (FMCAD), pp. 1–9 (2019)
Trustworthy specifications of Arm v8-A and v8-M system level architecture. In: Proceedings of Formal Methods in Computer-Aided Design (FMCAD 2016), pp. 161–168, October 2016. https://alastairreid.github.io/papers/fmcad2016-trustworthy.pdf
Acknowledgements
This material is based upon work supported by the US Office of Naval Research (ONR) under grant N00014-18-1-2665.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
An, X., Tahat, A., Ravindran, B. (2020). A Validation Methodology for OCaml-to-PVS Translation. In: Lee, R., Jha, S., Mavridou, A., Giannakopoulou, D. (eds) NASA Formal Methods. NFM 2020. Lecture Notes in Computer Science(), vol 12229. Springer, Cham. https://doi.org/10.1007/978-3-030-55754-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-55754-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-55753-9
Online ISBN: 978-3-030-55754-6
eBook Packages: Computer ScienceComputer Science (R0)