Previous | 
Home
Section: New Results
Certification
P. Herms, together with C. Marché and B. Monate (CEA List), developed a certified VC generator, using Coq. The program for VC calculus and its specifications are both written in Coq, but the code is crafted so that it can be extracted automatically into a stand-alone executable. It is also designed in a way that allows the use of arbitrary first-order theorem provers to discharge the generated obligations [28] .
On top of the previous generic VC generator, P. Herms developed a certified VC generator for C source code annotated using ACSL. This work is the main result of his PhD thesis which will be defended in January 2013.
A. Tafat and C. Marché started experiments of development of a certified VC generator using Whyt instead of Coq. The challenge was to formalize the operational semantics of an imperative language, and a corresponding weakest precondition calculus, without the possibility to use Coq advanced features such as dependent types nor higher-order functions. The classical issues with local bindings, names and substitutions were solved by identifying appropriate lemmas. It was shown that Why3 can offer a very significantly higher amount of proof automation compared to Coq [43] . This will be presented at the JFLA conference in February 2013 [95]
The work that we started in 2011, about the use of the Why3 environment and its back-end provers as an alternative to the built-in prover of “Atelier B”, was published at the ABZ conference [29] . This work continues in the context of the new ANR project BWare.
With J. Almeida, M. Barbosa, J. Pinto and B. Vieira (University do Minho, Braga, Portugal), J.-C. Filliâtre developed a method for certifying programs involving cryptographic methods. It uses Why as an intermediate language. A journal article will appear on Science of Computer Programming [13] .
Watermarking techniques are used to help identify copies of publicly released information. They consist in applying a slight and secret modification to the data before its release, in a way that should remain recognizable even in (reasonably) modified copies of the data. Using the Coq Alea library, which formalizes probability theory and probabilistic programs, D. Baelde together with P. Courtieu, D. Gross-Amblard from Rennes and C. Paulin have established new results about the robustness of watermarking schemes against arbitrary attackers. The technique for proving robustness is adapted from methods commonly used for cryptographic protocols and our work illustrates the strengths and particularities of the induced style of reasoning about probabilistic programs. This work has been presented at the conference ITP 2012 [19] .
Supervised by J. Falcou and C. Paulin during his M2 internship, N. Lupinski developed a formalisation of a skeleton language for automated generation of parallel programs. A kernel of the language has been identified, its semantics has been formalised in Coq where a construction is interpreted by a relation between lists of entries and lists of outputs. A transformation scheme from the skeleton language towards JOCaml programs has been proposed and proven correct with respect to the relational semantics. This work is described in [44] .
A. Charguéraud is currently working on the JsCert project (http://jscert.org ), which aims at the formalization of the semantics of the JavaScript programming language (as described in ECMAScript Language Specification, version 5.1) and the development of a verified JavaScript interpreter. This project is joint work with Philippa Gardner, Sergio Maffeis, Gareth Smith, Daniele Filaretti and Daiva Naudziuniene from Imperial College, and Alan Schmitt and Martin Bodin from Inria Rennes - Bretagne Atlantique. As of today, the formalization already covers a substantial amount of the JavaScript language, and the verified interpreter is able to execute a number of benchmarks taken from standard JavaScript test suites.
The formalization of the semantics of JavaScript makes use of a novel technique, called pretty-big-step semantics, for representing reduction rules in big-step style without suffering from a duplication of several premises accross different rules. This duplication is indeed typical in big-step semantics describing the behavior of exceptions and of divergence. The pretty-big-step semantics is described by A. Charguéraud in a paper to appear at ESOP 2013 [71] .