Automatic Predicate Testing in Formal Certification
- 461 Downloads
The use of formal methods and proof assistants helps to increase the confidence in critical software. However, a formal proof is only a guarantee relative to a formal specification, and not necessary about the real requirements. There is always a jump when going from an informal specification to a formal specification expressed in a logical theory. Thus, proving the correctness of a piece of software always makes the implicit assumption that there is adequacy between the formalised specification –written with logical statements and predicates– and the real requirements –often written in English–. Unfortunately, a huge part of the complexity lies precisely in the specification itself, and it is far from obvious that the formal specification says exactly and completely what it should say. Why should we trust more these predicates than the code that we’ve first refused to trust blindly, leading to these proofs? We show in this paper that the proving activity has not replaced the testing activity but has only changed the object which requires to be tested. Instead of testing code, we now need to test predicates. We present recent ideas about how to conduct these tests inside the proof assistant on a few examples, and how to automate them as far as possible.
KeywordsFormal certification Predicate testing Proof assistant
- 3.Brady, E.: Idris, a general-purpose dependently typed programming language: design and implementation. J. Funct. Program. 23, 552–593 (2013). http://journals.cambridge.org/article_S095679681300018X MathSciNetCrossRefzbMATHGoogle Scholar
- 6.Slama, F., Brady, E.: Automatically proving equivalence by type-safe reflection (draft under consideration). J. Funct. Program. (2016). https://fs39.host.cs.st-andrews.ac.uk/publications/paper_Slama_Brady_JFP.pdf
- 10.Ziliani, B., Dreyer, D., Krishnaswami, N.R., Nanevski, A., Vafeiadis, V.: Mtac: a monad for typed tactic programming in Coq. In: ACM SIGPLAN International Conference on Functional Programming, ICFP 2013, Boston, pp. 87–100, 25–27 September 2013. http://doi.acm.org/10.1145/2500365.2500579