[go: up one dir, main page]
Hiroki Mizuno, profile picture
Uploaded byHiroki Mizuno
KEY, PPTX4,386 views

「Frama-Cによるソースコード検証」 (mzp)

This document discusses using the Frama-C framework to formally verify C and C++ code. It provides examples of using Frama-C to verify functions that find the minimum of integer values, including abs(), min(), and min3(). Specifications for these functions are written using the ACSL specification language. Frama-C is then used to prove that the implementations satisfy the specifications. The document also discusses how concepts from Frama-C like LE (less than or equal) can be mapped to similar concepts in languages like Coq that are used for formal verification.

Download as KEY, PPTX
2011/05/14 Boost. Frama-C mzp / 1
mzp / SE > ocaml-nagoya > ProofCafe > Scala 2
2/26 Ruby 02 4
Reject 5
Reject → 5
@bleis bf SQL @sunflat Amazon EC2 @yoya PHP: ZendEngine @terurou CommonJS @nari3 GC @mallowlabs AsakusaSattelite @yoshihiro503 Coq @mzp @wof_moriguchi F# @keigoi  ocamljs ocaml android ( ) @osiire GADT @kaizen_nagoya XYZ @dico_leque Meta-objective Lisp 6
@bleis bf SQL @sunflat Amazon EC2 @yoya PHP: ZendEngine @terurou CommonJS @nari3 GC @mallowlabs AsakusaSattelite @yoshihiro503 Coq @mzp ! @wof_moriguchi F# @keigoi  ocamljs ocaml android ( ) @osiire GADT @kaizen_nagoya XYZ @dico_leque Meta-objective Lisp 7
RubyKaigi2011 8
!
:min() min() 2 ← 11
template ≦ OK > (structual subtype) template <class T> T min(T x, T y) { return (x <= y) ? x : y; } 12
auto concept Le<class T> { bool operator<=(T, T); } template <class T> requires Le<T> T min(T x, T y) { return x <= y ? x : y; } 13
// int BOOST_CHECK_EQUAL( min(1, 2), 1 ); BOOST_CHECK_EQUAL( min(2, 1), 1 ); BOOST_CHECK_EQUAL( min(3, 3), 3 ); // dobule BOOST_CHECK_EQUAL( min(1., 2.), 1. ); BOOST_CHECK_EQUAL( min(2., 1.), 1. ); 14
... 3 ← 15
1 min ≦ OK template <class T> requires Le<T> T min3(T x, T y, T z) { return min(x, min(y, z)); } 16
// int BOOST_CHECK_EQUAL( min3(1, 2,3), 1 ); BOOST_CHECK_EQUAL( min3(2, 1,3), 1 ); BOOST_CHECK_EQUAL( min3(3, 2,1), 1 ); // dobule BOOST_CHECK_EQUAL( min3(1., 2.,4.), 1. ); BOOST_CHECK_EQUAL( min3(2., 1.,4.), 1. ); 17
..
“ ”: int int ≦ :x≦y z≦w (x,z) ≦ (y,w) &'( !"#"$ ← !"#%$ !%#"$ )*( !%#%$ 19
“ ”: int int ≦ :x≦y z≦w (x,z) ≦ (y,w) &'( !"#"$ ← !"#%$ !%#"$ )*( !%#%$ 19
≦ OK ← > :x≦x > :x≦y y≦z x≦z ↑ 20
> ≦ bool min,min3 ↑ 21
...
...
Frama-C[1] C > Value Analysis, Effects Analysis, etc 24
C → Why → > Alt-Ergo: ← > Coq: ← > ...and more ACSL > ACSL = ANSI/ISO C Specification Language !"#$#%& '() *+,%-"./ 25 00&/1
: abs() abs : 0 ACSL //@ ensures result >= 0; int abs (int i) { return i < 0 ? -i : i; } 26
$ frama-c -jessie abs.c 27
$ frama-c -jessie abs.c 27
$ frama-c -jessie abs.c 27
$ frama-c -jessie abs.c ! 27
$ frama-c -jessie abs.c INT_MIN ! 27
requires INT_MIN //@ requires i > -2147483648; //@ ensures result >= 0; int abs (int i) { return i < 0 ? -i : i; 28
29
Frama-C C++ C C++ > Frama-C 30
: LE ≦ → LE >C ACSL /*@ axiomatic order { predicate LE(T x, T y); } */ 31
Frama-C min,min3 C++ Frama-C T → void* → > typedef void* T; bool leq(T x, T y) { return true; } 32
leq leq : LE > leq(x,y) true LE(x,y) > leq(x,y) false LE(y, x) /*@ ensures (¥result == true ==> LE(x,y)) && (¥result == false ==> LE(y,x)); */ bool leq(T x, T y){ ... } 33
min leq min x,y /*@ ensures LE(¥result, x) && LE(¥result, y); */ T min(T x,T y){ return leq(x,y) ? x : y; } 34
→ 35
LE(y_0_0, y_0_0) LE(y,y) 36
/*@ axiomatic order { predicate LE(T x, T y); axiom refl : ¥forall T x; LE(x,x); ← 37
min3 min3 : x,y,z /*@ ensures LE(result, x) && LE(result, y) && LE(result, z); */ T min3(T x,T y,T z){ return min(x, min(y,z)); 38
39
> Coq → LE( , min(y,z)) LE(min(y,z), y) LE( , y) 40
/*@ axiomatic order { predicate LE(T x, T y); axiom refl : ¥forall T x; LE(x,x); axiom trans: forall T x,T y,T z; LE(x,y) ==> LE(y,z) ==> LE(x,z); ← 41
Frama-C min,min3 42
:ProofSummit 9/25( ) 10:00 17:00 @ http://bit.ly/proofsummit Coq,Agda2 43

More Related Content

明日使えないすごいビット演算
PDF
明日使えないすごいビット演算
by京大 マイコンクラブ
 
最適化超入門
PDF
最適化超入門
byTakami Sato
 
[DL輪読会]data2vec: A General Framework for Self-supervised Learning in Speech,...
PDF
[DL輪読会]data2vec: A General Framework for Self-supervised Learning in Speech,...
byDeep Learning JP
 
最適輸送の解き方
PDF
最適輸送の解き方
byjoisino
 
機械学習モデルの判断根拠の説明
PDF
機械学習モデルの判断根拠の説明
bySatoshi Hara
 
Lucas kanade法について
PDF
Lucas kanade法について
byHitoshi Nishimura
 
マルチコアを用いた画像処理
PDF
マルチコアを用いた画像処理
byNorishige Fukushima
 
Devsumi 2018summer
PDF
Devsumi 2018summer
byHarada Kei
 
明日使えないすごいビット演算
明日使えないすごいビット演算
by京大 マイコンクラブ
 
最適化超入門
最適化超入門
byTakami Sato
 
[DL輪読会]data2vec: A General Framework for Self-supervised Learning in Speech,...
[DL輪読会]data2vec: A General Framework for Self-supervised Learning in Speech,...
byDeep Learning JP
 
最適輸送の解き方
最適輸送の解き方
byjoisino
 
機械学習モデルの判断根拠の説明
機械学習モデルの判断根拠の説明
bySatoshi Hara
 
Lucas kanade法について
Lucas kanade法について
byHitoshi Nishimura
 
マルチコアを用いた画像処理
マルチコアを用いた画像処理
byNorishige Fukushima
 
Devsumi 2018summer
Devsumi 2018summer
byHarada Kei
 

What's hot

[DL輪読会]深層強化学習はなぜ難しいのか?Why Deep RL fails? A brief survey of recent works.
PDF
[DL輪読会]深層強化学習はなぜ難しいのか?Why Deep RL fails? A brief survey of recent works.
byDeep Learning JP
 
モデル高速化百選
PPTX
モデル高速化百選
byYusuke Uchida
 
最適輸送入門
PDF
最適輸送入門
byjoisino
 
Generative Adversarial Imitation Learningの紹介(RLアーキテクチャ勉強会)
PPTX
Generative Adversarial Imitation Learningの紹介(RLアーキテクチャ勉強会)
byYusuke Nakata
 
研究分野をサーベイする
PDF
研究分野をサーベイする
byTakayuki Itoh
 
深層強化学習と実装例
PDF
深層強化学習と実装例
byDeep Learning Lab(ディープラーニング・ラボ)
 
Oss貢献超入門
PDF
Oss貢献超入門
byMichihito Shigemura
 
【DL輪読会】Scaling Laws for Neural Language Models
PPTX
【DL輪読会】Scaling Laws for Neural Language Models
byDeep Learning JP
 
PRML学習者から入る深層生成モデル入門
PDF
PRML学習者から入る深層生成モデル入門
bytmtm otm
 
それはYAGNIか? それとも思考停止か?
PDF
それはYAGNIか? それとも思考停止か?
byYoshitaka Kawashima
 
Anomaly detection 系の論文を一言でまとめた
PDF
Anomaly detection 系の論文を一言でまとめた
byぱんいち すみもと
 
Data-Centric AIの紹介
PDF
Data-Centric AIの紹介
byKazuyuki Miyazawa
 
GAN(と強化学習との関係)
PDF
GAN(と強化学習との関係)
byMasahiro Suzuki
 
ディープラーニングのフレームワークと特許戦争
PDF
ディープラーニングのフレームワークと特許戦争
byYosuke Shinya
 
「世界モデル」と関連研究について
PDF
「世界モデル」と関連研究について
byMasahiro Suzuki
 
画像認識の初歩、SIFT,SURF特徴量
PDF
画像認識の初歩、SIFT,SURF特徴量
bytakaya imai
 
例外設計における大罪
PDF
例外設計における大罪
byTakuto Wada
 
【DL輪読会】Diffusion Policy: Visuomotor Policy Learning via Action Diffusion
PDF
【DL輪読会】Diffusion Policy: Visuomotor Policy Learning via Action Diffusion
byDeep Learning JP
 
プログラムを高速化する話
PDF
プログラムを高速化する話
by京大 マイコンクラブ
 
深層生成モデルと世界モデル(2020/11/20版)
PDF
深層生成モデルと世界モデル(2020/11/20版)
byMasahiro Suzuki
 
[DL輪読会]深層強化学習はなぜ難しいのか?Why Deep RL fails? A brief survey of recent works.
[DL輪読会]深層強化学習はなぜ難しいのか?Why Deep RL fails? A brief survey of recent works.
byDeep Learning JP
 
モデル高速化百選
モデル高速化百選
byYusuke Uchida
 
最適輸送入門
最適輸送入門
byjoisino
 
Generative Adversarial Imitation Learningの紹介(RLアーキテクチャ勉強会)
Generative Adversarial Imitation Learningの紹介(RLアーキテクチャ勉強会)
byYusuke Nakata
 
研究分野をサーベイする
研究分野をサーベイする
byTakayuki Itoh
 
深層強化学習と実装例
深層強化学習と実装例
byDeep Learning Lab(ディープラーニング・ラボ)
 
Oss貢献超入門
Oss貢献超入門
byMichihito Shigemura
 
【DL輪読会】Scaling Laws for Neural Language Models
【DL輪読会】Scaling Laws for Neural Language Models
byDeep Learning JP
 
PRML学習者から入る深層生成モデル入門
PRML学習者から入る深層生成モデル入門
bytmtm otm
 
それはYAGNIか? それとも思考停止か?
それはYAGNIか? それとも思考停止か?
byYoshitaka Kawashima
 
Anomaly detection 系の論文を一言でまとめた
Anomaly detection 系の論文を一言でまとめた
byぱんいち すみもと
 
Data-Centric AIの紹介
Data-Centric AIの紹介
byKazuyuki Miyazawa
 
GAN(と強化学習との関係)
GAN(と強化学習との関係)
byMasahiro Suzuki
 
ディープラーニングのフレームワークと特許戦争
ディープラーニングのフレームワークと特許戦争
byYosuke Shinya
 
「世界モデル」と関連研究について
「世界モデル」と関連研究について
byMasahiro Suzuki
 
画像認識の初歩、SIFT,SURF特徴量
画像認識の初歩、SIFT,SURF特徴量
bytakaya imai
 
例外設計における大罪
例外設計における大罪
byTakuto Wada
 
【DL輪読会】Diffusion Policy: Visuomotor Policy Learning via Action Diffusion
【DL輪読会】Diffusion Policy: Visuomotor Policy Learning via Action Diffusion
byDeep Learning JP
 
プログラムを高速化する話
プログラムを高速化する話
by京大 マイコンクラブ
 
深層生成モデルと世界モデル(2020/11/20版)
深層生成モデルと世界モデル(2020/11/20版)
byMasahiro Suzuki
 

Similar to 「Frama-Cによるソースコード検証」 (mzp)

Frege - consequently functional programming for the JVM
PDF
Frege - consequently functional programming for the JVM
byDierk König
 
Dynamic programming
PPT
Dynamic programming
byShakil Ahmed
 
Cleansing test suites from coincidental correctness to enhance falut localiza...
PPT
Cleansing test suites from coincidental correctness to enhance falut localiza...
byTao He
 
01. haskell introduction
PDF
01. haskell introduction
bySebastian Rettig
 
Advanced Search Techniques
PPT
Advanced Search Techniques
byShakil Ahmed
 
09 - Program verification
PDF
09 - Program verification
byTudor Girba
 
Haskellで学ぶ関数型言語
KEY
Haskellで学ぶ関数型言語
byikdysfm
 
証明駆動開発のたのしみ@名古屋reject会議
KEY
証明駆動開発のたのしみ@名古屋reject会議
byHiroki Mizuno
 
TRICK
PPTX
TRICK
byJimmy Ngu
 
Pas oct12
PPT
Pas oct12
byAbhik Roychoudhury
 
PAS 2012
PPT
PAS 2012
byAbhik Roychoudhury
 
11. template
PPTX
11. template
byVahid Heidari
 
Haskell
PPTX
Haskell
byJackson dos Santos Olveira
 
Software Visualization - Promises & Perils
PDF
Software Visualization - Promises & Perils
byMichele Lanza
 
Struct examples
PPT
Struct examples
bymondalakash2012
 
CSC8503 Principles of Programming Languages Semester 1, 2015.docx
DOCX
CSC8503 Principles of Programming Languages Semester 1, 2015.docx
byfaithxdunce63732
 
Micro Blaze C Reference
PDF
Micro Blaze C Reference
byiuui
 
computer science sample papers 2
PDF
computer science sample papers 2
bySwarup Kumar Boro
 
Software Visualization 101+
PDF
Software Visualization 101+
byMichele Lanza
 
Haskell - Being lazy with class
PDF
Haskell - Being lazy with class
byTiago Babo
 
Frege - consequently functional programming for the JVM
Frege - consequently functional programming for the JVM
byDierk König
 
Dynamic programming
Dynamic programming
byShakil Ahmed
 
Cleansing test suites from coincidental correctness to enhance falut localiza...
Cleansing test suites from coincidental correctness to enhance falut localiza...
byTao He
 
01. haskell introduction
01. haskell introduction
bySebastian Rettig
 
Advanced Search Techniques
Advanced Search Techniques
byShakil Ahmed
 
09 - Program verification
09 - Program verification
byTudor Girba
 
Haskellで学ぶ関数型言語
Haskellで学ぶ関数型言語
byikdysfm
 
証明駆動開発のたのしみ@名古屋reject会議
証明駆動開発のたのしみ@名古屋reject会議
byHiroki Mizuno
 
TRICK
TRICK
byJimmy Ngu
 
Pas oct12
Pas oct12
byAbhik Roychoudhury
 
PAS 2012
PAS 2012
byAbhik Roychoudhury
 
11. template
11. template
byVahid Heidari
 
Haskell
Haskell
byJackson dos Santos Olveira
 
Software Visualization - Promises & Perils
Software Visualization - Promises & Perils
byMichele Lanza
 
Struct examples
Struct examples
bymondalakash2012
 
CSC8503 Principles of Programming Languages Semester 1, 2015.docx
CSC8503 Principles of Programming Languages Semester 1, 2015.docx
byfaithxdunce63732
 
Micro Blaze C Reference
Micro Blaze C Reference
byiuui
 
computer science sample papers 2
computer science sample papers 2
bySwarup Kumar Boro
 
Software Visualization 101+
Software Visualization 101+
byMichele Lanza
 
Haskell - Being lazy with class
Haskell - Being lazy with class
byTiago Babo
 

More from Hiroki Mizuno

TypeSafe OSの試み
PDF
TypeSafe OSの試み
byHiroki Mizuno
 
OCamlでWebアプリケーションを作るn個の方法
PDF
OCamlでWebアプリケーションを作るn個の方法
byHiroki Mizuno
 
#NGK2012B Excelによる設計書について
PDF
#NGK2012B Excelによる設計書について
byHiroki Mizuno
 
Scala基礎勉強会: Featherweight Scalaの紹介および型付け規則の決定可能性について
KEY
Scala基礎勉強会: Featherweight Scalaの紹介および型付け規則の決定可能性について
byHiroki Mizuno
 
Java基礎
KEY
Java基礎
byHiroki Mizuno
 
Sml#探検隊
KEY
Sml#探検隊
byHiroki Mizuno
 
どこでもCoq
KEY
どこでもCoq
byHiroki Mizuno
 
Coq for Moblie Phone @ ML名古屋
KEY
Coq for Moblie Phone @ ML名古屋
byHiroki Mizuno
 
Darcs紹介@20120423-scmbc
PDF
Darcs紹介@20120423-scmbc
byHiroki Mizuno
 
Gallinaによる証明駆動開発の魅力
KEY
Gallinaによる証明駆動開発の魅力
byHiroki Mizuno
 
CoqによるMsgPackの証明
PDF
CoqによるMsgPackの証明
byHiroki Mizuno
 
20110424 action scriptを使わないflash勉強会
KEY
20110424 action scriptを使わないflash勉強会
byHiroki Mizuno
 
Coq to Rubyによる証明駆動開発@名古屋ruby会議02
KEY
Coq to Rubyによる証明駆動開発@名古屋ruby会議02
byHiroki Mizuno
 
Coqによる証明駆動開発
KEY
Coqによる証明駆動開発
byHiroki Mizuno
 
NGK忘年会 2010 / CoqからRubyへ
KEY
NGK忘年会 2010 / CoqからRubyへ
byHiroki Mizuno
 
From Coq to Ruby / CoqからRubyへ
PDF
From Coq to Ruby / CoqからRubyへ
byHiroki Mizuno
 
SacalaZa #1
KEY
SacalaZa #1
byHiroki Mizuno
 
CoqUn2010
KEY
CoqUn2010
byHiroki Mizuno
 
OCamlAPISearchの紹介
KEY
OCamlAPISearchの紹介
byHiroki Mizuno
 
Proove Mark&Sweep GC with Coq
KEY
Proove Mark&Sweep GC with Coq
byHiroki Mizuno
 
TypeSafe OSの試み
TypeSafe OSの試み
byHiroki Mizuno
 
OCamlでWebアプリケーションを作るn個の方法
OCamlでWebアプリケーションを作るn個の方法
byHiroki Mizuno
 
#NGK2012B Excelによる設計書について
#NGK2012B Excelによる設計書について
byHiroki Mizuno
 
Scala基礎勉強会: Featherweight Scalaの紹介および型付け規則の決定可能性について
Scala基礎勉強会: Featherweight Scalaの紹介および型付け規則の決定可能性について
byHiroki Mizuno
 
Java基礎
Java基礎
byHiroki Mizuno
 
Sml#探検隊
Sml#探検隊
byHiroki Mizuno
 
どこでもCoq
どこでもCoq
byHiroki Mizuno
 
Coq for Moblie Phone @ ML名古屋
Coq for Moblie Phone @ ML名古屋
byHiroki Mizuno
 
Darcs紹介@20120423-scmbc
Darcs紹介@20120423-scmbc
byHiroki Mizuno
 
Gallinaによる証明駆動開発の魅力
Gallinaによる証明駆動開発の魅力
byHiroki Mizuno
 
CoqによるMsgPackの証明
CoqによるMsgPackの証明
byHiroki Mizuno
 
20110424 action scriptを使わないflash勉強会
20110424 action scriptを使わないflash勉強会
byHiroki Mizuno
 
Coq to Rubyによる証明駆動開発@名古屋ruby会議02
Coq to Rubyによる証明駆動開発@名古屋ruby会議02
byHiroki Mizuno
 
Coqによる証明駆動開発
Coqによる証明駆動開発
byHiroki Mizuno
 
NGK忘年会 2010 / CoqからRubyへ
NGK忘年会 2010 / CoqからRubyへ
byHiroki Mizuno
 
From Coq to Ruby / CoqからRubyへ
From Coq to Ruby / CoqからRubyへ
byHiroki Mizuno
 
SacalaZa #1
SacalaZa #1
byHiroki Mizuno
 
CoqUn2010
CoqUn2010
byHiroki Mizuno
 
OCamlAPISearchの紹介
OCamlAPISearchの紹介
byHiroki Mizuno
 
Proove Mark&Sweep GC with Coq
Proove Mark&Sweep GC with Coq
byHiroki Mizuno
 

Recently uploaded

Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
PDF
Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
byBookNet Canada
 
Dating App Development by Bootesnull Company
PDF
Dating App Development by Bootesnull Company
byBootesnull
 
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
PDF
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
byBookNet Canada
 
Memo No.3006141 dt.25.10.2025- SOP for Grant of Online Change Of Land Use
PDF
Memo No.3006141 dt.25.10.2025- SOP for Grant of Online Change Of Land Use
byRaghu Ram
 
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
PDF
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
PDF
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
byPeter Bittner
 
The State of Adventure Capital - Grant Gregory | Cantos
PDF
The State of Adventure Capital - Grant Gregory | Cantos
byRazin Mustafiz
 
Taming Time in PHP: Best Practices and Gotchas at Longhorn PHP 2025
PPTX
Taming Time in PHP: Best Practices and Gotchas at Longhorn PHP 2025
byScott Keck-Warren
 
Immer vorne mit dabei sein - Roaming leicht gemacht
PDF
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
Assignment Review and Accessibility Audit Findings.pptx
PPTX
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
PDF
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
PDF
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
PDF
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
bySandesh Rao
 
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
PDF
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
AI Demands More: Help Ensure Network Readiness With ThousandEyes
PDF
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
Transcript: Embedding sustainability: Tips for ebook and print production - T...
PDF
Transcript: Embedding sustainability: Tips for ebook and print production - T...
byBookNet Canada
 
API Days Australia - API Management in the AI Era
PDF
API Days Australia - API Management in the AI Era
byNilesh Gule
 
Staying Ahead of the Curve - Roaming Just Got Easier
PDF
Staying Ahead of the Curve - Roaming Just Got Easier
bypanagenda
 
Formula 3 - MACO using general limit.docx
DOCX
Formula 3 - MACO using general limit.docx
byMarkus Janssen
 
AWS Community Day Indonesia 2025 - Attack the Cloud Before Attackers Do Build...
PDF
AWS Community Day Indonesia 2025 - Attack the Cloud Before Attackers Do Build...
byMuhammad Yuga Nugraha
 
Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
byBookNet Canada
 
Dating App Development by Bootesnull Company
Dating App Development by Bootesnull Company
byBootesnull
 
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
byBookNet Canada
 
Memo No.3006141 dt.25.10.2025- SOP for Grant of Online Change Of Land Use
Memo No.3006141 dt.25.10.2025- SOP for Grant of Online Change Of Land Use
byRaghu Ram
 
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
Linux Day Prato 2025: NixOS spiegato ammiocuggino - NixOS for Human Beings
byPeter Bittner
 
The State of Adventure Capital - Grant Gregory | Cantos
The State of Adventure Capital - Grant Gregory | Cantos
byRazin Mustafiz
 
Taming Time in PHP: Best Practices and Gotchas at Longhorn PHP 2025
Taming Time in PHP: Best Practices and Gotchas at Longhorn PHP 2025
byScott Keck-Warren
 
Immer vorne mit dabei sein - Roaming leicht gemacht
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
Assignment Review and Accessibility Audit Findings.pptx
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
Build Agentic AI Applications with Oracle AI Database Private Agent Factory -...
bySandesh Rao
 
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
AI Demands More: Help Ensure Network Readiness With ThousandEyes
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
Transcript: Embedding sustainability: Tips for ebook and print production - T...
Transcript: Embedding sustainability: Tips for ebook and print production - T...
byBookNet Canada
 
API Days Australia - API Management in the AI Era
API Days Australia - API Management in the AI Era
byNilesh Gule
 
Staying Ahead of the Curve - Roaming Just Got Easier
Staying Ahead of the Curve - Roaming Just Got Easier
bypanagenda
 
Formula 3 - MACO using general limit.docx
Formula 3 - MACO using general limit.docx
byMarkus Janssen
 
AWS Community Day Indonesia 2025 - Attack the Cloud Before Attackers Do Build...
AWS Community Day Indonesia 2025 - Attack the Cloud Before Attackers Do Build...
byMuhammad Yuga Nugraha
 

「Frama-Cによるソースコード検証」 (mzp)

  • 1.
  • 2.
    mzp / SE > ocaml-nagoya > ProofCafe > Scala 2
  • 4.
    2/26 Ruby 02 4
  • 5.
  • 6.
    Reject → 5
  • 7.
    @bleis bf SQL @sunflat Amazon EC2 @yoya PHP: ZendEngine @terurou CommonJS @nari3 GC @mallowlabs AsakusaSattelite @yoshihiro503 Coq @mzp @wof_moriguchi F# @keigoi  ocamljs ocaml android ( ) @osiire GADT @kaizen_nagoya XYZ @dico_leque Meta-objective Lisp 6
  • 8.
    @bleis bf SQL @sunflat Amazon EC2 @yoya PHP: ZendEngine @terurou CommonJS @nari3 GC @mallowlabs AsakusaSattelite @yoshihiro503 Coq @mzp ! @wof_moriguchi F# @keigoi  ocamljs ocaml android ( ) @osiire GADT @kaizen_nagoya XYZ @dico_leque Meta-objective Lisp 7
  • 9.
  • 10.
  • 12.
    :min() min() 2 ← 11
  • 13.
    template ≦ OK > (structual subtype) template <class T> T min(T x, T y) { return (x <= y) ? x : y; } 12
  • 14.
    auto concept Le<classT> { bool operator<=(T, T); } template <class T> requires Le<T> T min(T x, T y) { return x <= y ? x : y; } 13
  • 15.
    // int BOOST_CHECK_EQUAL( min(1,2), 1 ); BOOST_CHECK_EQUAL( min(2, 1), 1 ); BOOST_CHECK_EQUAL( min(3, 3), 3 ); // dobule BOOST_CHECK_EQUAL( min(1., 2.), 1. ); BOOST_CHECK_EQUAL( min(2., 1.), 1. ); 14
  • 16.
    ... 3 ← 15
  • 17.
    1 min ≦ OK template <class T> requires Le<T> T min3(T x, T y, T z) { return min(x, min(y, z)); } 16
  • 18.
    // int BOOST_CHECK_EQUAL( min3(1,2,3), 1 ); BOOST_CHECK_EQUAL( min3(2, 1,3), 1 ); BOOST_CHECK_EQUAL( min3(3, 2,1), 1 ); // dobule BOOST_CHECK_EQUAL( min3(1., 2.,4.), 1. ); BOOST_CHECK_EQUAL( min3(2., 1.,4.), 1. ); 17
  • 19.
  • 20.
    ”: int int ≦ :x≦y z≦w (x,z) ≦ (y,w) &'( !"#"$ ← !"#%$ !%#"$ )*( !%#%$ 19
  • 21.
    ”: int int ≦ :x≦y z≦w (x,z) ≦ (y,w) &'( !"#"$ ← !"#%$ !%#"$ )*( !%#%$ 19
  • 22.
    OK ← > :x≦x > :x≦y y≦z x≦z ↑ 20
  • 23.
    > ≦ bool min,min3 ↑ 21
  • 24.
  • 25.
  • 27.
    Frama-C[1] C > Value Analysis,Effects Analysis, etc 24
  • 28.
    C → Why→ > Alt-Ergo: ← > Coq: ← > ...and more ACSL > ACSL = ANSI/ISO C Specification Language !"#$#%& '() *+,%-"./ 25 00&/1
  • 29.
    : abs() abs : 0 ACSL //@ ensures result >= 0; int abs (int i) { return i < 0 ? -i : i; } 26
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
    $ frama-c -jessieabs.c INT_MIN ! 27
  • 35.
    requires INT_MIN //@ requires i > -2147483648; //@ ensures result >= 0; int abs (int i) { return i < 0 ? -i : i; 28
  • 36.
  • 37.
    Frama-C C++ C C++ > Frama-C 30
  • 38.
    : LE ≦ → LE >C ACSL /*@ axiomatic order { predicate LE(T x, T y); } */ 31
  • 39.
    Frama-C min,min3 C++ Frama-C T → void* → > typedef void* T; bool leq(T x, T y) { return true; } 32
  • 40.
    leq leq : LE > leq(x,y) true LE(x,y) > leq(x,y) false LE(y, x) /*@ ensures (¥result == true ==> LE(x,y)) && (¥result == false ==> LE(y,x)); */ bool leq(T x, T y){ ... } 33
  • 41.
    min leq min x,y /*@ ensures LE(¥result, x) && LE(¥result, y); */ T min(T x,T y){ return leq(x,y) ? x : y; } 34
  • 42.
  • 43.
  • 44.
    /*@ axiomatic order{ predicate LE(T x, T y); axiom refl : ¥forall T x; LE(x,x); ← 37
  • 45.
    min3 min3 : x,y,z /*@ ensures LE(result, x) && LE(result, y) && LE(result, z); */ T min3(T x,T y,T z){ return min(x, min(y,z)); 38
  • 46.
  • 47.
    > Coq → LE( , min(y,z)) LE(min(y,z), y) LE( , y) 40
  • 48.
    /*@ axiomatic order{ predicate LE(T x, T y); axiom refl : ¥forall T x; LE(x,x); axiom trans: forall T x,T y,T z; LE(x,y) ==> LE(y,z) ==> LE(x,z); ← 41
  • 49.
    Frama-C min,min3 42
  • 50.
    :ProofSummit 9/25( ) 10:00 17:00 @ http://bit.ly/proofsummit Coq,Agda2 43

Editor's Notes