It is a common belief that the rise of standardized software certification schemes like the Common Criteria (CC) would give a boost to formal verification, and that software certification may be a killer application for program verification. However, while formal models are indeed used throughout high-assurance certification, verification of the actual implementation is not required by the CC a...

This paper aims to raise the level of verification challenges by presenting a collection of sequential Java programs with correctness annotations formulated in JML. The emphasis lies more on the underlying semantical issues than on verification.

Fresco is a Smalltalk-based interactive environment supporting the specification and proven development of re-usable software components. These ‘capsules’ are deltas to the inheritance hierarchy, and form a more useful unit of designer-effort than class subhierarchies. Systems are built by composing capsules, which carry both specifications and code. The semantics of capsule composition is eluc...

In this effort, we consider the verification of properties in C (subset) programs. That is, we prove the validity of a pre/postcondition pair for a program, or demonstrate invalidity via an error trace. This is undecidable in general, and modern static analysis techniques struggle to reason about non-linear programs and programs with loops. To that end, we use abstraction for defining results o...

Program Verification by Lazy Abstraction

We present a novel program verification approach based on coinduction, which takes as input an operational semantics. No intermediates like axiomatic semantics or verification condition generators are needed. Specifications can be written using any state predicates. We implement our approach in Coq, giving a certifying language-independent verification framework. Our proof system is implemented...