Toward a Verified Software Toolchain for Java

David Pichardie 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Software are increasingly complex and are unavoidably subject to programming errors (a.k.a. bugs). The problem is well known and many techniques have been developed in order to reduce the number of bugs in a program. Among them, this document specially studies automatic verification techniques that operate at compile time and that aim at catching all errors of a certain kind: static analyses and type systems. For example, we can rely on an information flow type system to verify, before running or distributing a program, that it does not leak confidential information to the external environment. One concern we can have is about the reliability of such a verification. Indeed, verification tools are themselves complex softwares. Moreover they make assumptions about the execution model of programs but this model is itself an abstraction of the real compiled code that is run at the end. Therefore the whole software toolchain of a programming language requires reliability. Our ultimate objective is to build such a toolchain for the Java programming language. Our challenge here is to build a verified platform: each components (transformation, verification tools) should be formally specified in an expressive logic and correctness of the implementation of these components should be rigorously proved. Proof assistants are of special interest for these tasks: they provide a very rich specification language (based for example on high- order logic) with an automatic mechanism to check validity of proofs. The proof we are interested in are specially long and too error-prone to be fully verify at hand. Proof assistants allow for writing programs (here compilers and verification tools), their specification, and the corresponding correctness proof in a unified, logical framework. Several of them provide an extraction mechanism that automatically generates executable code that fulfills the formalized specification. We mainly focus on Java because it is a modern language with several challenging features: security mechanisms, type and memory safety, modularity. Still many facets of our work are not fully specific to this programming language. The object-oriented programming paradigm is for example quite orthogonal in this work. This document will summarise seven years of my research work around this objective. As we will see in conclusion the road is still long to achieve our goal but we already have learnt some interesting lessons that we will share here.
Type de document :
HDR
Computer Science [cs]. ENS Cachan, 2012
Liste complète des métadonnées

https://hal.inria.fr/tel-01114001
Contributeur : David Pichardie <>
Soumis le : vendredi 6 février 2015 - 17:33:34
Dernière modification le : jeudi 15 novembre 2018 - 11:57:41

Identifiants

  • HAL Id : tel-01114001, version 1

Citation

David Pichardie. Toward a Verified Software Toolchain for Java. Computer Science [cs]. ENS Cachan, 2012. 〈tel-01114001〉

Partager

Métriques

Consultations de la notice

828